elgg / content-security-policy
This package is abandoned and no longer maintained.
No replacement package was suggested.
An immutable content-security-policy (csp) object for PHP
v1.0.0
2015-03-18 20:42 UTC
Requires
- myclabs/php-enum: ~1.3
Requires (Dev)
- phpunit/phpunit: ~4.5
This package is auto-updated.
Last update: 2023-06-02 10:10:28 UTC
README
Installation:
composer require elgg/content-security-policy
Example usage:
use Elgg\ContentSecurityPolicy\Directive;
use Elgg\ContentSecurityPolicy\Header;
use Elgg\ContentSecurityPolicy\Policy;
use Elgg\ContentSecurityPolicy\Source;

$policy = new Policy();
$policy = $policy->withSource(Directive::DEFAULT_SRC(), Source::SELF)
    ->withSource(Directive::IMAGE_SRC(), Source::DATA);

header(Header::STANDARD . ": $policy");
// Sends "Content-Security-Policy: default-src 'self'; img-src data:"
By default, the policy blocks everything it possibly can. This is by design to ensure that your site only allows what you want to allow, not what someone else thinks is a reasonable default.
$policy = new Policy();
echo $policy; // default-src 'none'; sandbox
Features:
Elgg\ContentSecurityPolicy\Policy
[x] Instances are immutable
[x] Supports configuring all standard src directives
[x] Can be stringified into standard csp format
[x] The default policy value allows nothing
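The two properties described above, immutable instances and a default that allows nothing, shown as an added self-contained sketch. It is not the package's source: the class name DenyByDefaultPolicy, its directive subset and its input checks are assumptions, and it leaves out the sandbox directive.

```php
<?php
declare(strict_types=1);
// Added sketch, not the elgg/content-security-policy source.
// DenyByDefaultPolicy and its directive subset are hypothetical.
final class DenyByDefaultPolicy
{
    // Fetch directives this sketch accepts (a subset of the CSP spec).
    private const DIRECTIVES = ['default-src', 'script-src', 'style-src',
        'img-src', 'font-src', 'connect-src', 'media-src', 'object-src'];

    /** @var array<string, array<int, string>> directive => source list */
    private array $sources = ['default-src' => ["'none'"]];

    public function withSource(string $directive, string $source): self
    {
        if (!in_array($directive, self::DIRECTIVES, true)) {
            throw new InvalidArgumentException("Unknown directive: $directive");
        }
        // Whitespace, ';' or ',' inside a source would let a caller smuggle
        // in extra sources, extra directives or a second policy.
        if ($source === '' || preg_match('/[\s;,]/', $source)) {
            throw new InvalidArgumentException('Invalid source expression');
        }
        $copy = clone $this; // the receiver is never modified
        // 'none' must stand alone: adding it resets the list, and adding
        // anything else drops it.
        $list = $source === "'none'" ? []
            : array_values(array_diff($copy->sources[$directive] ?? [], ["'none'"]));
        if (!in_array($source, $list, true)) {
            $list[] = $source;
        }
        $copy->sources[$directive] = $list;
        return $copy;
    }

    public function __toString(): string
    {
        return implode('; ', array_map(
            fn (string $d, array $l): string => $d . ' ' . implode(' ', $l),
            array_keys($this->sources), $this->sources));
    }
}

// Constructed usage: a locked-down base and two derived policies.
// $base and $site keep their own values after each withSource() call.
$base    = new DenyByDefaultPolicy();
$site    = $base->withSource('default-src', "'self'");
$gallery = $site->withSource('img-src', 'data:');
echo $base, "\n", $site, "\n", $gallery, "\n";
```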