spaze / nonce-generator
Content Security Policy nonce generator
Installs: 3 389
Dependents: 1
Suggesters: 1
Security: 0
Stars: 6
Watchers: 3
Forks: 0
Open Issues: 0
Requires
- php: ^8.2
- latte/latte: ^3.0
- nette/application: ^3.1
- nette/di: ^3.0
Requires (Dev)
Suggests
- spaze/csp-config: Build and send Content Security Policy header, possibly including nonce, if enabled
- spaze/sri-macros: For script tags with automatically added Content Security Policy nonces, and Subresource Integrity hashes, too
README
This generates random nonces for Content Security Policy nonce attributes. These nonces work with CSP3 strict-dynamic
which aims to make Content Security Policy simpler to deploy for existing applications. This package is intended to be used with Nette Framework, spaze/csp-config
and spaze/sri-macros
.
Usage
This is a plug and play generator.
If installed, \Spaze\ContentSecurityPolicy\Config::addDirective()
from spaze/csp-config
will automatically add nonce-...
attribute to configured directives, and Latte macros {script ...}
and {stylesheet ...}
from spaze/sri-macros
will add nonce="..."
attribute to script
and style
attributes respectively. Also n:nonce
shortcut will use the same generated value.
Installation
With Composer:
composer require spaze/nonce-generator
Add the extension to your configuration:
extensions: nonceGenerator: Spaze\NonceGenerator\Bridges\Nette\GeneratorExtension
Requirements
- PHP 8.2 or newer
- Latte 3.0 or newer
- Nette Application 3.1 or newer
- Nette DI 3.0 or newer
API
createNonce(): Nonce
Generates and returns a Nonce
object. Use Nonce::getValue()
to get the generated nonce.