zae/content-security-policy

Latest stable version: 2.5.0

Composer install command:

composer require zae/content-security-policy

Package description

A really easy way to build CSP headers and add them to the response.

README documentation

A really easy way to build CSP headers and add them to the response.

Officially supported platforms:

  • Laravel: ^5.8
  • Craft: ^3.0

Install

Via Composer

$ composer require zae/content-security-policy

Laravel

Middleware

Add the middleware to the middleware Kernel.

protected $middlewareGroups = [
    'web' => [
        // ... existing middleware
        \Zae\ContentSecurityPolicy\Laravel\Http\Middleware\ContentSecurityPolicy::class,
    ],
];

Config (config/csp.php)

return [
    BlockAllMixedContent::class,
    Sandbox::class => [
        Sandbox::ALLOW_FORMS,
        Sandbox::ALLOW_SCRIPTS,
        Sandbox::ALLOW_TOP_NAVIGATION,
        Sandbox::ALLOW_SAME_ORIGIN,
        Sandbox::ALLOW_POPUPS,
    ],
];

Craft 3

The library includes a module for Craft 3 that can send the CSP header and a twig function to get the current CSP nonce.

Register the module like this:

'modules' => [
    'csp' => \Zae\ContentSecurityPolicy\Craft\Module::class,
],
'bootstrap' => [
    'csp'
]

Use the twig functions like this:

<script nonce="{{ cspnonce() }}">
    // inline javascript
</script>

Config (config/csp.php)

return [
    'components' => [
        'builder' => Builder::class,
    ],
    'params' => [
        BlockAllMixedContent::class,
        Sandbox::class => [
            Sandbox::ALLOW_FORMS,
            Sandbox::ALLOW_SCRIPTS,
            Sandbox::ALLOW_TOP_NAVIGATION,
            Sandbox::ALLOW_SAME_ORIGIN,
            Sandbox::ALLOW_POPUPS,
        ]
    ]
];

Other

Although other frameworks are not officially supported yet, it's possible to use this library with them. An easy method is to use FluidDirectivesFactory.

Fluid Factory

<?php
$csp = new CSP();
$factory = new FluidDirectivesFactory($csp);
$factory
    ->blockAllMixedContent()
    ->defaultSrc([
        Directive::SELF,
        'https:'
    ])
    ->baseUri([
        Directive::SELF
    ]);
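
The header value a policy like the one above corresponds to, combined with a per-response nonce like the one the Craft Twig function exposes, as an added example in plain PHP. It is not the package's code and uses none of its classes; buildCspHeader() and the script-src entry are assumptions made for this illustration, as is reading Directive::SELF as the CSP keyword 'self'.

```php
<?php
// Added illustration in plain PHP; it does not use the package's classes.
declare(strict_types=1);

/** Serialize a directive => sources map into a CSP header value. */
function buildCspHeader(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        if (!preg_match('/^[a-z][a-z0-9-]*$/', $name)) {
            throw new InvalidArgumentException("Bad directive name: $name");
        }
        foreach ($sources as $source) {
            // Whitespace, ';' or ',' in a source would split the policy and
            // let untrusted input append directives of its own.
            if ($source === '' || preg_match('/[\s;,]/', $source)) {
                throw new InvalidArgumentException("Bad source in $name");
            }
        }
        $parts[] = rtrim($name . ' ' . implode(' ', $sources));
    }
    return implode('; ', $parts);
}

// A fresh, unpredictable nonce for every response (128 bits, base64).
$nonce = base64_encode(random_bytes(16));

$header = buildCspHeader([
    'block-all-mixed-content' => [],          // valueless directive
    'default-src' => ["'self'", 'https:'],
    'base-uri'    => ["'self'"],
    'script-src'  => ["'nonce-$nonce'"],      // constructed for this example
]);

// Send the header before any output when running under a web server.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header('Content-Security-Policy: ' . $header);
}

// Only inline scripts carrying the same nonce will be executed.
echo $header, PHP_EOL;
echo '<script nonce="', htmlspecialchars($nonce, ENT_QUOTES), '">/* inline */</script>', PHP_EOL;
```

The nonce must be regenerated for every response; a value that is cached or reused across responses gives an injected inline script a nonce it can copy.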

Change log

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email ezra@tsdme.nl instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Statistics

  • Total downloads: 7.24k
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Clicks: 1
  • Dependents: 0
  • Recommendations: 1

GitHub information

  • Stars: 0
  • Watchers: 1
  • Forks: 1
  • Language: PHP

Other information

  • License: MIT
  • Updated: 2017-01-08