Middleware to add the Content-Security-Policy header to the response

v2.0.0 2018-08-04 10:41 UTC

README

Latest Version on Packagist Software License Build Status Quality Score Total Downloads SensioLabs Insight

Middleware to add the Content-Security-Policy header to the response using paragonie/csp-builder library. It can also handle the CSP error reports using a Psr log implementation.

Requirements

Installation

This package is installable and autoloadable via Composer as middlewares/csp.

composer require middlewares/csp

Example

use ParagonIE\CSPBuilder\CSPBuilder;

$csp = CSPBuilder::fromFile('/path/to/source.json');

$dispatcher = new Dispatcher([
	new Middlewares\Csp($csp)
]);

$response = $dispatcher->dispatch(new ServerRequest());

Options

__construct(ParagonIE\CSPBuilder\CSPBuilder $builder = null)

Set the CSP header builder. See paragonie/csp-builder for more info. If it's not provided, create a generic one with restrictive directives.

Helpers

createFromFile(string $path)

Shortcut to create instances using a json file:

$dispatcher = new Dispatcher([
    Middlewares\Csp::createFromFile(__DIR__.'/csp-config.json')
]);

createFromData(array $data)

Shortcut to create instances using an array with data:

$dispatcher = new Dispatcher([
    Middlewares\Csp::createFromData([
        'script-src' => ['self' => true],
        'object-src' => ['self' => true],
        'frame-ancestors' => ['self' => true],
    ])
]);

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.