kronos / csp
A Content-Security-Policy header builder
Installs: 115 479
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 17
Forks: 0
Open Issues: 1
Requires
- php: ^7.4 || ^8.1
Requires (Dev)
- cyclonedx/cyclonedx-php-composer: 3.10.0
- dealerdirect/phpcodesniffer-composer-installer: 0.7.2
- phpcompatibility/php-compatibility: 9.3.5
- phpunit/phpunit: 9.5.20
- vimeo/psalm: 4.23.0
This package is not auto-updated.
Last update: 2024-04-19 09:24:28 UTC
README
A PHP Content-Security-Policy header generator library.
Usage
Using the Builder:
$factory = new \Kronos\ContentSecurityPolicy\Factory(); $builder = $factory->createContentSecurityPolicyBuilder(); $builder->setDefaultSrc(\Kronos\ContentSecurityPolicy\Policy::FETCH_NONE); $policy = $builder->getContentSecurityPolicy(); header($policy->getHeader());
Using the PolicyDirectorInterface:
Director class:
use Kronos\ContentSecurityPolicy\Factory; use Kronos\ContentSecurityPolicy\Policy; use Kronos\ContentSecurityPolicy\PolicyDirectorInterface; class Director implements PolicyDirectorInterface { /** @var Factory */ protected $factory; ... /** * @param Factory $factory * ... */ public function __construct(Factory $factory, ...) { $this->factory = $factory; ... } public function buildContentSecurityPolicy() { $builder = $this->factory->createContentSecurityPolicyBuilder(); $builder->setDefaultSrc([Policy::FETCH_NONE]); $builder->setObjectSrc([Policy::FETCH_NONE]); $builder->setStyleSrc([ 'mysite.example/css', 'fonts.googleapis.com', 'fonts.gstatic.com', Policy::FETCH_UNSAFE_INLINE ]); $builder->setFontSrc([ 'mysite.example/fonts', 'fonts.googleapis.com', Policy::FETCH_UNSAFE_INLINE ]); $builder->setFrameAncestors([Policy::FETCH_NONE]); $builder->setReportUri('mysite.example/api/csp-report/'); $builder->setReportOnly(); return $builder->getContentSecurityPolicy(); } }
Code:
$factory = new \Kronos\ContentSecurityPolicy\Factory(); $director = new Director($factory); $policy = $director->buildContentSecurityPolicy(); header($policy->getHeader());