fyre/csp

A content security policy library.

v2.1.1 2024-06-25 06:44 UTC

Last update: 2024-06-25 06:45:16 UTC


FyreCSP

FyreCSP is a free, open-source content security policy library for PHP.

Installation

Using Composer

composer require fyre/csp

In PHP:

use Fyre\Security\CspBuilder;

Methods

Add Headers

Add CSP headers to a ClientResponse.

$newResponse = CspBuilder::addHeaders($response);

Clear

Clear all policies.

CspBuilder::clear();

Create Policy

Create a Policy.

  • $key is a string representing the policy key, and should be either CspBuilder::DEFAULT or CspBuilder::REPORT.
  • $directives is an array containing the directives to add, and will default to [].

CspBuilder::createPolicy($key, $directives);

Get Policy

Get a Policy.

  • $key is a string representing the policy key, and should be either CspBuilder::DEFAULT or CspBuilder::REPORT.

$policy = CspBuilder::getPolicy($key);

Get Policies

Get all policies.

$policies = CspBuilder::getPolicies();

Get Report To

Get the Report-To values.

$reportTo = CspBuilder::getReportTo();

Has Policy

Check if a policy exists.

  • $key is a string representing the policy key, and should be either CspBuilder::DEFAULT or CspBuilder::REPORT.

$hasPolicy = CspBuilder::hasPolicy($key);

Set Policy

Set a policy.

  • $key is a string representing the policy key, and should be either CspBuilder::DEFAULT or CspBuilder::REPORT.
  • $policy is a Policy.

CspBuilder::setPolicy($key, $policy);

Set Report To

Set the Report-To values.

  • $reportTo is an array containing the Report-To values.

CspBuilder::setReportTo($reportTo);

Policies

Add Directive

Add options to a directive.

  • $directive is a string representing the directive.
  • $value is a string, or an array of strings containing the values to add. For directives that don't require values, you can set this to true or false indicating whether to include the directive.

$newPolicy = $policy->addDirective($directive, $value);

Get Directive

Get the options for a directive.

  • $directive is a string representing the directive.

$options = $policy->getDirective($directive);

Get Header

Get the header string.

$header = $policy->getHeader();

Has Directive

Determine if a directive exists.

  • $directive is a string representing the directive.

$hasDirective = $policy->hasDirective($directive);

Remove Directive

Remove a directive.

  • $directive is a string representing the directive.

$newPolicy = $policy->removeDirective($directive);
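
The CspBuilder and Policy methods above, combined into a staged rollout: an enforced baseline under CspBuilder::DEFAULT and a stricter candidate under CspBuilder::REPORT, each checked for required directives before its header is printed. This is an added example, not code from the FyreCSP project. It assumes a Composer autoloader at vendor/autoload.php and that addDirective() returns a new Policy (the page assigns its result to $newPolicy); the origins and the missingDirectives() helper are constructed for illustration.

```php
<?php
require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoloader path

use Fyre\Security\CspBuilder;

// Constructed origins, for illustration only.
const APP_ORIGIN = 'https://app.example';
const CDN_ORIGIN = 'https://cdn.example';

// Hypothetical helper: names from $required that $policy does not define.
function missingDirectives($policy, array $required): array
{
    return array_values(array_filter(
        $required,
        fn(string $directive): bool => !$policy->hasDirective($directive)
    ));
}

CspBuilder::clear();

// Enforced baseline: scripts from the app origin and one CDN.
CspBuilder::createPolicy(CspBuilder::DEFAULT);
$enforced = CspBuilder::getPolicy(CspBuilder::DEFAULT)
    ->addDirective('default-src', APP_ORIGIN)
    ->addDirective('script-src', [APP_ORIGIN, CDN_ORIGIN])
    ->addDirective('upgrade-insecure-requests', true); // valueless directive
// Store the returned Policy back; otherwise the builder keeps the empty one
// (assumption: addDirective() does not modify the stored Policy in place).
CspBuilder::setPolicy(CspBuilder::DEFAULT, $enforced);

// Report-only candidate: same policy without the CDN, to observe breakage first.
CspBuilder::createPolicy(CspBuilder::REPORT);
$candidate = CspBuilder::getPolicy(CspBuilder::REPORT)
    ->addDirective('default-src', APP_ORIGIN)
    ->addDirective('script-src', APP_ORIGIN);
CspBuilder::setPolicy(CspBuilder::REPORT, $candidate);

// Refuse to ship a policy that lacks a directive the review requires.
$required = ['default-src', 'script-src'];
foreach ([CspBuilder::DEFAULT, CspBuilder::REPORT] as $key) {
    $policy = CspBuilder::getPolicy($key);
    $missing = missingDirectives($policy, $required);
    if ($missing !== []) {
        throw new RuntimeException($key . ' policy lacks: ' . implode(', ', $missing));
    }
    // Print the exact header string so it can be reviewed before deployment.
    echo $key, ': ', $policy->getHeader(), PHP_EOL;
}
```

The example uses host sources only, because the page does not say how keyword sources such as 'self' are quoted; check the getHeader() output before relying on them.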

Middleware

use Fyre\Security\Middleware\CspMiddleware;

  • $options is an array containing options for the middleware.
    • default is an array containing the policy directives, and will default to [].
    • report is an array containing the report-only directives, and will default to null.
    • reportTo is an array containing the Report-To header value, and will default to [].

$middleware = new CspMiddleware($options);

Process

$response = $middleware->process($request, $handler);

This method will return a ClientResponse.