ronanchilvers/silex-middleware

Some useful middleware for silex

Maintainers

Details

github.com/ronanchilvers/silex-middleware

Source

Issues

Installs: 937

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 3

Forks: 0

Open Issues: 0

1.3 2019-01-11 22:01 UTC

Requires

MIT de1d270bf46328da019ea4863b94c475e1ec7cac

  • Ronan Chilvers <ronan.woop@thelittledot.com>

This package is auto-updated.

Last update: 2024-04-12 10:27:44 UTC

README

A collection of middleware for use with Silex.

Installation

composer require ronanchilvers/silex-middleware

Configuration

Configuration details varies depending on the middleware in use. See the notes below for specifics.

Available Middlewares

Content Security Policy

This middleware allows you to add a Content-Security-Policy header to responses. It uses the paragonie/csp-builder library to build the headers. You can pass your policy as an array as the first constructor argument.

$app->after(
    new Ronanchilvers\Silex\Middleware\ContentSecurityPolicy([
        'default-src' => [
            'self' => true,
            'unsafe-inline' => true,
        ],
        'style-src' => [
            'allow' => [
                'https://fonts.googleapis.com'
            ],
            'self' => true,
            'unsafe-inline' => true,
        ],
        'font-src' => [
            'allow' => [
                'https://fonts.gstatic.com/'
            ],
            'self' => true
        ],
        'report-only' => true,
    ])
);

Referrer Policy

This middleware adds a Referrer-Policy header to responses. This header has a single policy directive as its value which must be one of:

  • <empty string>
  • no-referrer
  • no-referrer-when-downgrade
  • same-origin
  • origin
  • strict-origin
  • origin-when-cross-origin
  • strict-origin-when-cross-origin
  • unsafe-url

The exact meaning of each of these is explained in this blog post by Scott Helme as well as on the w3.org official specification.

// This adds the middleware with a default 'no-referrer' policy
$app->after(new Ronanchilvers\Silex\ReferrerPolicy());

// This specifies the 'strict-origin' policy
$app->after(new Ronanchilvers\Silex\ReferrerPolicy('strict-origin'));

Strict Transport Security

This middleware adds HSTS or Strict Transport Security headers to every response.

// Add with defaults
$app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity());

// Or - set the max-age to 1 day / 86400 seconds
$app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity(86400));

The middleware accepts two constructor arguments:

  • Max age in seconds - defaults to 15552000 seconds or 6 months
  • Include sub domains - defaults to false