fyre/csp

A content security policy library.

v5.0 2024-11-11 10:09 UTC

Last update: 2024-11-11 10:11:11 UTC


README

FyreCSP is a free, open-source content security policy library for PHP.

Installation

Using Composer

composer require fyre/csp

In PHP:

use Fyre\Security\ContentSecurityPolicy;

Basic Usage

$csp = new ContentSecurityPolicy();

Autoloading

It is recommended to bind the ContentSecurityPolicy to the Container as a singleton.

$container->singleton(ContentSecurityPolicy::class);

Methods

Add Headers

Add CSP headers to a ClientResponse.

$newResponse = $csp->addHeaders($response);

Clear

Clear all policies.

$csp->clear();

Create Policy

Create a Policy.

  • $key is a string representing the policy key, and should be either ContentSecurityPolicy::DEFAULT or ContentSecurityPolicy::REPORT.
  • $directives is an array containing the directives to add, and will default to [].

$csp->createPolicy($key, $directives);

Get Policy

Get a Policy.

  • $key is a string representing the policy key, and should be either ContentSecurityPolicy::DEFAULT or ContentSecurityPolicy::REPORT.

$policy = $csp->getPolicy($key);

Get Policies

Get all policies.

$policies = $csp->getPolicies();

Get Report To

Get the Report-To values.

$reportTo = $csp->getReportTo();

Has Policy

Determine whether a policy exists.

  • $key is a string representing the policy key, and should be either ContentSecurityPolicy::DEFAULT or ContentSecurityPolicy::REPORT.

$hasPolicy = $csp->hasPolicy($key);

Set Policy

Set a policy.

  • $key is a string representing the policy key, and should be either ContentSecurityPolicy::DEFAULT or ContentSecurityPolicy::REPORT.
  • $policy is a Policy.

$csp->setPolicy($key, $policy);

Set Report To

Set the Report-To values.

  • $reportTo is an array containing the Report-To values.

$csp->setReportTo($reportTo);

Policies

Add Directive

Add options to a directive.

  • $directive is a string representing the directive.
  • $value is a string or an array of strings containing the values to add. For directives that don't require values, you can set this to true or false to indicate whether to include the directive.

$newPolicy = $policy->addDirective($directive, $value);

Get Directive

Get the options for a directive.

  • $directive is a string representing the directive.

$options = $policy->getDirective($directive);

Get Header

Get the header string.

$header = $policy->getHeader();

Has Directive

Determine whether a directive exists.

  • $directive is a string representing the directive.

$hasDirective = $policy->hasDirective($directive);

Remove Directive

Remove a directive.

  • $directive is a string representing the directive.

$newPolicy = $policy->removeDirective($directive);
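
A staged rollout built only from the calls documented above, as an added example that is not part of the FyreCSP README: an enforced baseline under DEFAULT and a stricter candidate under REPORT, with the header strings inspected before they are attached to responses. The origins and the /csp-report path are constructed; it is assumed that getPolicy() returns an empty Policy after createPolicy(), that addDirective() calls can be chained, and that the returned policy has to be stored with setPolicy().

```php
<?php
declare(strict_types=1);

// Assumes `composer require fyre/csp` was run in this directory.
require __DIR__.'/vendor/autoload.php';

use Fyre\Security\ContentSecurityPolicy;

// Constructed origins, for illustration only.
const APP_ORIGIN = 'https://app.example.test';
const CDN_ORIGIN = 'https://cdn.example.test';

$csp = new ContentSecurityPolicy();

// Enforced baseline: what the browser blocks today.
// Only host sources are used; the README does not say how keyword
// sources such as 'self' are quoted, so they are left out here.
$csp->createPolicy(ContentSecurityPolicy::DEFAULT);
$enforced = $csp->getPolicy(ContentSecurityPolicy::DEFAULT)
    ->addDirective('default-src', APP_ORIGIN)
    ->addDirective('script-src', [APP_ORIGIN, CDN_ORIGIN])
    ->addDirective('upgrade-insecure-requests', true); // valueless directive

// Report-only candidate: stricter (no CDN scripts), observed before enforcement.
$csp->createPolicy(ContentSecurityPolicy::REPORT);
$candidate = $csp->getPolicy(ContentSecurityPolicy::REPORT)
    ->addDirective('default-src', APP_ORIGIN)
    ->addDirective('script-src', APP_ORIGIN)
    ->addDirective('report-uri', APP_ORIGIN.'/csp-report'); // constructed endpoint

// addDirective() hands back a policy object ($newPolicy above), so store it
// explicitly (assumption: the instance held by $csp is not changed in place).
$csp->setPolicy(ContentSecurityPolicy::DEFAULT, $enforced);
$csp->setPolicy(ContentSecurityPolicy::REPORT, $candidate);

// Inspect both header strings before wiring addHeaders() or CspMiddleware.
foreach ([ContentSecurityPolicy::DEFAULT, ContentSecurityPolicy::REPORT] as $key) {
    if (!$csp->hasPolicy($key)) {
        throw new RuntimeException("Missing CSP policy: {$key}");
    }
    echo $key, ': ', $csp->getPolicy($key)->getHeader(), PHP_EOL;
}
```

Once the report-only candidate produces no unexpected violation reports, its directives can replace those of the DEFAULT policy.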

Middleware

use Fyre\Security\Middleware\CspMiddleware;

  • $container is a Container.
  • $options is an array containing options for the ContentSecurityPolicy.
    • default is an array containing the policy directives, and will default to [].
    • report is an array containing the report-only directives, and will default to null.
    • reportTo is an array containing the Report-To header value, and will default to [].

$middleware = new CspMiddleware($container, $options);

Any dependencies will be injected automatically when loading from the Container.

$middleware = $container->build(CspMiddleware::class, ['options' => $options]);

Handle

Handle a ServerRequest.

$response = $middleware->handle($request, $next);

This method will return a ClientResponse.