elgg / content-security-policy
An immutable content-security-policy (csp) object for PHP
pkg:composer/elgg/content-security-policy
Requires
- myclabs/php-enum: ~1.3
Requires (Dev)
- phpunit/phpunit: ~4.5
This package is auto-updated.
Last update: 2023-06-02 10:10:28 UTC
README
Installation:
```sh
composer require elgg/content-security-policy
```
Example usage:
```php
use Elgg\ContentSecurityPolicy\Directive;
use Elgg\ContentSecurityPolicy\Header;
use Elgg\ContentSecurityPolicy\Policy;
use Elgg\ContentSecurityPolicy\Source;

$policy = new Policy();
$policy = $policy->withSource(Directive::DEFAULT_SRC(), Source::SELF)
                 ->withSource(Directive::IMAGE_SRC(), Source::DATA);

header(Header::STANDARD . ": $policy");
// Sends "Content-Security-Policy: default-src 'self'; img-src data:"
```
By default, the policy blocks everything it possibly can. This is by design: your site allows only what you explicitly choose to allow, not what someone else considers a reasonable default.

```php
$policy = new Policy();
echo $policy; // default-src 'none'; sandbox
```
Features:
Elgg\ContentSecurityPolicy\Policy
- [x] Instances are immutable
- [x] Supports configuring all standard src directives
- [x] Can be stringified into standard CSP format
- [x] The default policy value allows nothing
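
The sketch below is an added illustration, not code from this package: it shows why an immutable, deny-by-default policy object is safe to share and the mistake it invites (discarding the value returned by `withSource`). `MiniPolicy` is a hypothetical stand-in that models only source directives (no `sandbox`) and takes plain strings instead of the package's `Directive` and `Source` types.

```php
<?php
// Added illustration: MiniPolicy is hypothetical, not Elgg\ContentSecurityPolicy\Policy.
declare(strict_types=1);

final class MiniPolicy
{
    /** @var array<string, string[]> directive name => allowed sources */
    private array $sources = ['default-src' => []];

    /** Returns a modified copy; the object it is called on never changes. */
    public function withSource(string $directive, string $source): self
    {
        $copy = clone $this; // PHP arrays are values, so the copy owns its own list
        $existing = $copy->sources[$directive] ?? [];
        if (!in_array($source, $existing, true)) {
            $existing[] = $source;
        }
        $copy->sources[$directive] = $existing;
        return $copy;
    }

    public function __toString(): string
    {
        $parts = [];
        foreach ($this->sources as $directive => $list) {
            // A directive with no sources is emitted as 'none' (deny), never dropped.
            $parts[] = $directive . ' ' . ($list ? implode(' ', $list) : "'none'");
        }
        return implode('; ', $parts);
    }
}

$base = new MiniPolicy();

// Pitfall: the returned copy is discarded, so $base remains the deny-all policy
// and the response would be sent without the script-src allowance.
$base->withSource('script-src', "'self'");
echo "after discarded call: $base\n";

// Correct: keep the returned copy. One shared base can be specialised per
// response without any handler loosening the policy another handler sends.
$page = $base->withSource('default-src', "'self'")
             ->withSource('img-src', 'data:');
echo "page policy:          $page\n";
echo "base policy:          $base\n";
```

The same rule applies to the real `Policy`: reassign the result of every `withSource` call, as the usage example above does.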