| Package Data | |
|---|---|
| Maintainer Username: | Zae |
| Maintainer Contact: | ezra@tsdme.nl (Ezra Pool) |
| Package Create Date: | 2017-01-08 |
| Package Last Update: | 2020-09-21 |
| Home Page: | |
| Language: | PHP |
| License: | MIT |
| Last Refreshed: | 2025-10-22 15:01:13 |
| Package Statistics | |
|---|---|
| Total Downloads: | 7,152 |
| Monthly Downloads: | 32 |
| Daily Downloads: | 2 |
| Total Stars: | 0 |
| Total Watchers: | 1 |
| Total Forks: | 1 |
| Total Open Issues: | 1 |
A really easy way to build CSP headers and add them to the response.
Via Composer
$ composer require zae/content-security-policy
Add the service provider to the app.php file.
Add the middleware to the middleware Kernel.
return [
BlockAllMixedContent::class,
Sandbox::class => [
Sandbox::ALLOW_FORMS,
Sandbox::ALLOW_SCRIPTS,
Sandbox::ALLOW_TOP_NAVIGATION,
Sandbox::ALLOW_SAME_ORIGIN,
Sandbox::ALLOW_POPUPS,
]
];
Although not officially supported yet, it's possible to use this library with other frameworks, an easy method is by using FluidDirectivesFactory.
<?php
$csp = new CSP();
$factory = new FluidDirectivesFactory($csp);
$factory
->blockAllMixedContent()
->defaultSrc([
Directive::SELF,
'https:'
])
->baseUri([
Directive::SELF
]);
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email ezra@tsdme.nl instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.