Skip to content
This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

Elgg/content-security-policy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Content Security Policy (CSP) support for PHP

Installation:

composer require elgg/content-security-policy

Example usage:

use Elgg\ContentSecurityPolicy\Directive;
use Elgg\ContentSecurityPolicy\Header;
use Elgg\ContentSecurityPolicy\Policy;
use Elgg\ContentSecurityPolicy\Source;

$policy = new Policy();
$policy = $policy->withSource(Directive::DEFAULT_SRC(), Source::SELF)
            ->withSource(Directive::IMAGE_SRC(), Source::DATA);
            
header(Header::STANDARD . ": $policy");
// Sends "Content-Security-Policy: default-src 'self'; img-src data:"

By default, the policy blocks everything it possibly can. This is by design to ensure that your site only allows what you want to allow, not what someone else thinks is a reasonable default.

$policy = new Policy();
echo $policy; // default-src 'none'; sandbox

Features:

Elgg\ContentSecurityPolicy\Policy
 [x] Instances are immutable
 [x] Supports configuring all standard src directives
 [x] Can be stringified into standard csp format
 [x] The default policy value allows nothing

About

CSP support for PHP

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

7 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages