ronanchilvers / silex-middleware
Some useful middleware for silex
Requires
- silex/silex: ^2.2
This package is auto-updated.
Last update: 2024-12-12 11:51:26 UTC
README
A collection of middleware for use with Silex.
Installation
composer require ronanchilvers/silex-middleware
Configuration
Configuration details varies depending on the middleware in use. See the notes below for specifics.
Available Middlewares
Content Security Policy
This middleware allows you to add a Content-Security-Policy header to responses. It uses the paragonie/csp-builder
library to build the headers. You can pass your policy as an array as the first constructor argument.
$app->after( new Ronanchilvers\Silex\Middleware\ContentSecurityPolicy([ 'default-src' => [ 'self' => true, 'unsafe-inline' => true, ], 'style-src' => [ 'allow' => [ 'https://fonts.googleapis.com' ], 'self' => true, 'unsafe-inline' => true, ], 'font-src' => [ 'allow' => [ 'https://fonts.gstatic.com/' ], 'self' => true ], 'report-only' => true, ]) );
Referrer Policy
This middleware adds a Referrer-Policy header to responses. This header has a single policy directive as its value which must be one of:
- <empty string>
- no-referrer
- no-referrer-when-downgrade
- same-origin
- origin
- strict-origin
- origin-when-cross-origin
- strict-origin-when-cross-origin
- unsafe-url
The exact meaning of each of these is explained in this blog post by Scott Helme as well as on the w3.org official specification.
// This adds the middleware with a default 'no-referrer' policy $app->after(new Ronanchilvers\Silex\ReferrerPolicy()); // This specifies the 'strict-origin' policy $app->after(new Ronanchilvers\Silex\ReferrerPolicy('strict-origin'));
Strict Transport Security
This middleware adds HSTS or Strict Transport Security headers to every response.
// Add with defaults $app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity()); // Or - set the max-age to 1 day / 86400 seconds $app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity(86400));
The middleware accepts two constructor arguments:
- Max age in seconds - defaults to 15552000 seconds or 6 months
- Include sub domains - defaults to false