Web security bundle for Symfony, created by Google OSS
A Symfony bundle that implements best practice for security features, including:
- Content Security Policy (CSP)
- Cross Origin Opener Policy / Cross Origin Embedder Policy (COOP/COEP)
- Fetch metadata headers
- Trusted Types
Install the package from Packagist:

    composer require googlechromelabs/ise-web-security-bundle

There is no Symfony Flex recipe to do this automatically, so in your project's
/config/packages folder, create ise_web_security.yaml and populate it with the
YAML config detailed below.
More config details can be found here
The config within your Symfony project controls how the bundle works in your application.
Below is an example config for the current state of the project that activates
the majority of the features. The ise_web_security.yaml.dist file is also an example of this file.

    ise_web_security:
        defaults:
            preset: 'full'
        paths:
            '^/public':
                coop:
                    active: false
                coep:
                    active: false
                fetch_metadata:
                    active: false
            '^/admin':
                fetch_metadata:
                    allowed_endpoints: ['/images']
                trusted_types:
                    active: true
                    polices: ['foo', 'bar']
                    require_for: ['script', 'style']

This Repo has a wiki! Check it out here
Issues and pull requests are always welcome. For details, see docs/contributing.md
This is not an officially supported Google product.