elgg/content-security-policy

This package is abandoned and no longer maintained. No replacement package was suggested.

An immutable Content-Security-Policy (CSP) object for PHP

v1.0.0 2015-03-18 20:42 UTC

This package is auto-updated.

Last update: 2023-06-02 10:10:28 UTC


README

Installation:

composer require elgg/content-security-policy

Example usage:

use Elgg\ContentSecurityPolicy\Directive;
use Elgg\ContentSecurityPolicy\Header;
use Elgg\ContentSecurityPolicy\Policy;
use Elgg\ContentSecurityPolicy\Source;
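
// Load Composer's autoloader so the classes imported above resolve.
require __DIR__ . '/vendor/autoload.php';

// Each withSource() call returns a new Policy, so the result is reassigned.
$policy = new Policy();
$policy = $policy->withSource(Directive::DEFAULT_SRC(), Source::SELF)
            ->withSource(Directive::IMAGE_SRC(), Source::DATA);

header(Header::STANDARD . ": $policy");
// Sends "Content-Security-Policy: default-src 'self'; img-src data:"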

By default, the policy blocks everything it possibly can. This is by design to ensure that your site only allows what you want to allow, not what someone else thinks is a reasonable default.

$policy = new Policy();
echo $policy; // default-src 'none'; sandbox

Features:

Elgg\ContentSecurityPolicy\Policy
 [x] Instances are immutable
 [x] Supports configuring all standard src directives
 [x] Can be stringified into standard CSP format
 [x] The default policy value allows nothing
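
The two design points above, a default that allows nothing and instances that never change, shown as an added, self-contained PHP sketch. It is not the package's source: `SketchPolicy` and its string-based `withSource()` are hypothetical stand-ins, and it covers source lists only (no `sandbox` directive).

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an immutable policy object; not the package's real class.
final class SketchPolicy
{
    /** @var array<string, string[]> directive name => allowed sources */
    private array $sources = [];

    // Returns a modified copy; the instance it is called on never changes.
    public function withSource(string $directive, string $source): self
    {
        // A ';', ',' or line break in a value could smuggle in extra
        // directives or headers, so such input is rejected outright.
        if (!preg_match('/^[a-z-]+$/', $directive) || preg_match('/[;,\r\n]/', $source)) {
            throw new InvalidArgumentException('invalid directive or source');
        }
        $copy = clone $this; // PHP arrays are copied by value, so the lists are independent
        $copy->sources[$directive][] = $source;
        $copy->sources[$directive] = array_values(array_unique($copy->sources[$directive]));
        return $copy;
    }

    public function __toString(): string
    {
        // Default deny: if default-src was never set, fall back to 'none'.
        $all = $this->sources + ['default-src' => ["'none'"]];
        ksort($all);
        $parts = [];
        foreach ($all as $directive => $list) {
            $parts[] = $directive . ' ' . implode(' ', $list);
        }
        return implode('; ', $parts);
    }
}

// A site-wide base policy and a per-route variant derived from it.
$base = (new SketchPolicy())->withSource('default-src', "'self'");
$avatars = $base->withSource('img-src', 'data:');

echo new SketchPolicy(), "\n"; // untouched default
echo $base, "\n";              // unchanged by the derivation below it
echo $avatars, "\n";           // base plus the extra image source
```

Because `withSource()` never mutates its receiver, a shared base policy cannot be loosened by code that derives a more permissive variant for a single route.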