oihana/php-middleware

Composable PHP middleware helpers โ€” security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, X-Content-Type-Options), CORS with preflight, CSRF, request-id, maintenance mode, rate limiting. PSR-7 compatible, zero magic strings.

Maintainers

Package info

github.com/BcommeBois/oihana-php-middleware

pkg:composer/oihana/php-middleware

Statistics

Installs: 5

Dependents: 1

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

0.3.0 2026-05-27 16:54 UTC

Requires

Requires (Dev)

Suggests

  • oihana/php-memcached: Provides MemcachedRateLimitStore (production-grade backend for enforceRateLimit()).

MPL-2.0 abaefe0bdc802e87dc8a93a682cfc6ba9cdeb480

phphttpsecuritycorsmiddlewaremaintenancecsrfcsppsr-7hstsrequest-idrate-limitingrate-limitsecurity-headers

This package is auto-updated.

Last update: 2026-05-27 16:54:49 UTC

README

Oihana PHP Middleware

Composable PHP HTTP middleware helpers. Part of the Oihana PHP ecosystem, this package ships procedural helpers to build typed security-headers responses and apply CORS with preflight handling โ€” PSR-7 compatible, zero magic strings.

Latest Version Total Downloads License

๐Ÿ“š Documentation

Full API reference (generated with phpDocumentor): https://bcommebois.github.io/oihana-php-middleware

User guides (FR + EN) live under wiki/.

๐Ÿ“ฆ Installation

Requires PHP 8.4+. Install via Composer:

composer require oihana/php-middleware

โœจ What you can do

Security headers

  • withSecurityHeaders() โ€” single helper to apply HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, X-Content-Type-Options to a PSR-7 Response in one call. Typed values via ReferrerPolicy and FrameOptions enums โ€” no magic strings.
  • buildCspHeader() โ€” compose a Content-Security-Policy value from an associative array of directives. CspDirective enum exposes the canonical directive names.

CORS

  • applyCorsHeaders() โ€” origin allowlist with configurable methods, headers, exposed headers, credentials and max-age. Handles the preflight OPTIONS request automatically. Defensive defaults: no * when credentials = true, Vary: Origin added when the allowlist is dynamic.

Under the hood

  • Pure PSR-7 โ€” no framework lock-in. Works with Slim, Laravel, Symfony HTTP Foundation (via PSR-7 bridge), Hyperf, RoadRunner, etc.
  • Built on oihana/php-http primitives (isHttpsRequest, etc.) and oihana/php-enums typed HTTP header constants.

โœ… Running tests

Run all tests:

composer test

๐Ÿ› ๏ธ Generate the documentation

composer doc

๐Ÿงพ License

Licensed under the Mozilla Public License 2.0 (MPLโ€‘2.0).

๐Ÿ‘ค About the author

  • Author: Marc ALCARAZ (aka eKameleon)
  • Email: marc@ooop.fr
  • Website: https://www.ooop.fr

๐Ÿ”— Related packages

Package Description
oihana/php-http Composable PHP HTTP primitives (client IP detection, signed URLs, cookies, content negotiation, โ€ฆ) consumed by this library.
oihana/php-enums Typed HTTP constants (HttpHeader, โ€ฆ).