googlechromelabs/ise-web-security-bundle

Web security bundle for Symfony create by google OSS

v1.0 2020-09-01 12:55 UTC

This package is auto-updated.

Last update: 2020-09-03 11:11:45 UTC


README

Build Status Coverage Status

🔐 IseWebSecurityBundle

A Symfony bundle that implements best practice for security features, including:

  • Content Security Policy (CSP)
  • Cross Origin Opener Policy / Cross Origin Embedder Policy (COOP/COEP)
  • Fetch metadata headers
  • Trusted Types

🖥️ Usage

Install the package from Packagist:

composer require googlechromelabs/ise-web-security-bundle

Due to a lack of Symfony Flex recipe to do so automatically. In your projects /config/packages folder, create ise_web_security.yaml and populate it with the yaml config detailed below.

Config

More Config details can be found here

The config within your Symfony project will control how the bundle works in your Application. Below, you will find an example config for the current state of the project that will activate the majority of the features. The ise_web_security.yaml.dist is also an example of this file.

ise_web_security.yaml

ise_web_security:
    defaults: 
        preset: 'full'
    paths:
        '^/public':
            coop:
                active: false
            coep:
                active: false
            fetch_metadata:
                active: false
        '^/admin':
            fetch_metadata:
                allowed_endpoints: ['/images']
            trusted_types:
                active: true
                polices: ['foo', 'bar']
                require_for: ['script', 'style']

Wiki

This Repo has a wiki! Check it out here

🤝 Contributing

Issues and pull requests are always welcome. For details, see docs/contributing.md

This is not an officially supported Google product.