spaze/nonce-generator

Content Security Policy nonce generator

v4.0.1 2023-09-20 01:39 UTC

This package is auto-updated.

Last update: 2024-03-28 15:56:05 UTC


README

PHP Tests

This generates random nonces for Content Security Policy nonce attributes. These nonces work with CSP3 strict-dynamic which aims to make Content Security Policy simpler to deploy for existing applications. This package is intended to be used with Nette Framework, spaze/csp-config and spaze/sri-macros.

Usage

This is a plug and play generator.

If installed, \Spaze\ContentSecurityPolicy\Config::addDirective() from spaze/csp-config will automatically add nonce-... attribute to configured directives, and Latte macros {script ...} and {stylesheet ...} from spaze/sri-macros will add nonce="..." attribute to script and style attributes respectively. Also n:nonce shortcut will use the same generated value.

Installation

With Composer:

composer require spaze/nonce-generator

Add the extension to your configuration:

extensions:
	nonceGenerator: Spaze\NonceGenerator\Bridges\Nette\GeneratorExtension

Requirements

  • PHP 8.2 or newer
  • Latte 3.0 or newer
  • Nette Application 3.1 or newer
  • Nette DI 3.0 or newer

API

createNonce(): Nonce

Generates and returns a Nonce object. Use Nonce::getValue() to get the generated nonce.