kronos / csp
A Content-Security-Policy header builder
v2.4.0
2026-02-26 21:14 UTC
Requires
- php: ^8.4 || ^8.5
Requires (Dev)
- cyclonedx/cyclonedx-php-composer: 6.2.0
- dealerdirect/phpcodesniffer-composer-installer: 1.2.0
- kronostechnologies/php-coding-standard: 2.1.0
- phpcompatibility/php-compatibility: dev-develop#8daeec54772a592ad369be23ae02ed593c71e7f1 as 10.0.0
- phpunit/phpunit: 13.0.5
- squizlabs/php_codesniffer: 4.0.1
- vimeo/psalm: 6.15.1
README
A PHP Content-Security-Policy header generator library.
Usage
Using the Builder:
use Kronos\ContentSecurityPolicy\Factory;
use Kronos\ContentSecurityPolicy\Policy;

// Build one policy through the builder and send it as a response header.
$cspBuilder = (new Factory())->createContentSecurityPolicyBuilder();

// default-src is the fallback for every fetch directive that is not set
// explicitly, so starting from FETCH_NONE (presumably the 'none' keyword)
// means nothing loads unless a later directive allows it.
// NOTE(review): the Director example on this page passes this value wrapped
// in an array ([Policy::FETCH_NONE]); confirm which form setDefaultSrc accepts.
$cspBuilder->setDefaultSrc(Policy::FETCH_NONE);

$contentSecurityPolicy = $cspBuilder->getContentSecurityPolicy();

// getHeader() is handed straight to header(), so it presumably returns the
// complete "Content-Security-Policy: ..." line — confirm against the library.
header($contentSecurityPolicy->getHeader());
Using the PolicyDirectorInterface:
Director class:
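use Kronos\ContentSecurityPolicy\Factory;
use Kronos\ContentSecurityPolicy\Policy;
use Kronos\ContentSecurityPolicy\PolicyDirectorInterface;

/**
 * Example director: defines the site's Content-Security-Policy in one place
 * so every response emits the same policy.
 *
 * The policy built here is put into report-only mode (see setReportOnly()),
 * so the browser reports violations to report-uri but blocks nothing until
 * that call is removed.
 */
class Director implements PolicyDirectorInterface
{
    protected Factory $factory;

    ...

    /**
     * @param Factory $factory builder factory this director delegates to
     * ...
     */
    public function __construct(Factory $factory, ...)
    {
        $this->factory = $factory;
        ...
    }

    public function buildContentSecurityPolicy()
    {
        $builder = $this->factory->createContentSecurityPolicyBuilder();

        // Deny by default: only the directives set below allow anything.
        $builder->setDefaultSrc([Policy::FETCH_NONE]);
        $builder->setObjectSrc([Policy::FETCH_NONE]);

        // 'unsafe-inline' is listed because the site relies on inline styles.
        // It switches off CSP's protection against injected <style> elements and
        // style= attributes, so prefer nonces or hashes once the site can use them.
        $builder->setStyleSrc([
            'mysite.example/css',
            'fonts.googleapis.com',
            'fonts.gstatic.com',
            Policy::FETCH_UNSAFE_INLINE,
        ]);

        // 'unsafe-inline' is only meaningful in script-src and style-src (and
        // their -elem/-attr variants); browsers ignore it in font-src, so it is
        // not listed here.
        $builder->setFontSrc([
            'mysite.example/fonts',
            'fonts.googleapis.com',
        ]);

        // frame-ancestors 'none' is the CSP equivalent of X-Frame-Options: DENY.
        $builder->setFrameAncestors([Policy::FETCH_NONE]);

        // report-uri is deprecated in CSP3 in favour of report-to but remains
        // the most widely supported; if the builder offers a report-to setter,
        // send both.
        $builder->setReportUri('mysite.example/api/csp-report/');

        // Report-only: violations are reported, nothing is enforced.
        $builder->setReportOnly();

        return $builder->getContentSecurityPolicy();
    }
}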
Code:
use Kronos\ContentSecurityPolicy\Factory;

// The director owns the policy definition; the calling code only builds it
// and hands the resulting header line to header().
$director = new Director(new Factory());
header($director->buildContentSecurityPolicy()->getHeader());