erickjmenezes / policyman
CSP manager
pkg:composer/erickjmenezes/policyman
Requires
- php: ^8.3
Requires (Dev)
- mrsuh/php-bison-skeleton: ^1.2
- pestphp/pest: ^2.35
- phpstan/phpstan: ^1.12
This package is auto-updated.
Last update: 2025-10-07 22:34:02 UTC
README
A Content-Security-Policy (CSP) header parser and builder.
Installation
```bash
composer require erickjmenezes/policyman
```
Building a CSP header:
```php
use ErickJMenezes\Policyman\Policyman;
use ErickJMenezes\Policyman\Keyword;

$header = Policyman::builder()
    ->defaultSrc([Keyword::Self])
    ->scriptSrc([Keyword::Self, Keyword::UnsafeEval, Keyword::UnsafeInline, 'trusted-cdn.com'])
    ->styleSrc([Keyword::Self, 'trusted-cdn.com'])
    ->toString();

// Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' trusted-cdn.com; style-src 'self' trusted-cdn.com
```
Parsing and editing an existing CSP header string:
```php
use ErickJMenezes\Policyman\Policyman;
use ErickJMenezes\Policyman\ContentSecurityPolicy;
use ErickJMenezes\Policyman\Policy;
use ErickJMenezes\Policyman\Keyword;
use ErickJMenezes\Policyman\Directive;

// Example header.
$header = "Content-Security-Policy: img-src 'self' data:; object-src 'none'";

// Parsing to an object.
/** @var ContentSecurityPolicy $csp */
$csp = Policyman::parse($header);

// Adding script-src directive.
$csp->add(new Policy(Directive::ScriptSrc, [Keyword::Self, 'example.com']));
$csp->find(Directive::ImgSrc)->add('example.com');

// Convert it back to a string.
$newHeader = Policyman::serialize($csp);

// Content-Security-Policy: img-src 'self' data: example.com; object-src 'none'; script-src 'self' example.com
```
Validation:
```php
use ErickJMenezes\Policyman\Policyman;

Policyman::validate("Content-Security-Policy: default_src 'self'"); // false
Policyman::validate("Content-Security-Policy: default-src 'self'"); // true
```
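A header that builds or parses cleanly can still be permissive: the builder example above puts 'unsafe-inline' and 'unsafe-eval' in script-src. The audit below is an added example, not part of policyman; it inspects the serialized header string with plain PHP, and the function names cspDirectives and auditCsp are hypothetical.

```php
<?php
// Added example (not policyman code); cspDirectives/auditCsp are hypothetical names.
/** Split a header into ['directive-name' => [source, ...]]. */
function cspDirectives(string $header): array
{
    // Drop the optional header name used in the strings on this page.
    $value = preg_replace('/^\s*Content-Security-Policy(-Report-Only)?\s*:/i', '', $header);
    $directives = [];
    foreach (explode(';', $value) as $part) {
        $tokens = preg_split('/\s+/', trim($part), -1, PREG_SPLIT_NO_EMPTY);
        if ($tokens !== []) {
            $name = strtolower(array_shift($tokens));
            // Browsers ignore a repeated directive, so the first occurrence wins.
            $directives[$name] ??= $tokens;
        }
    }
    return $directives;
}

/** Return findings for the script and object contexts. */
function auditCsp(string $header): array
{
    $d = cspDirectives($header);
    $findings = [];
    $script = $d['script-src'] ?? $d['default-src'] ?? null; // script-src falls back to default-src
    if ($script === null) {
        $findings[] = 'no script-src or default-src: scripts are unrestricted';
    } else {
        $lower = array_map('strtolower', $script);
        // A nonce or hash source makes browsers ignore 'unsafe-inline'.
        $pinned = (bool) preg_grep("/^'(nonce|sha(256|384|512))-/", $lower);
        if (in_array("'unsafe-inline'", $lower, true) && !$pinned) {
            $findings[] = "script: 'unsafe-inline' permits injected inline scripts";
        }
        if (in_array("'unsafe-eval'", $lower, true)) {
            $findings[] = "script: 'unsafe-eval' permits eval() on strings";
        }
        foreach (array_intersect($lower, ['*', 'data:', 'http:', 'https:']) as $src) {
            $findings[] = "script: overly broad source $src";
        }
    }
    if (!isset($d['object-src']) && !isset($d['default-src'])) {
        $findings[] = 'no object-src or default-src: plugins are unrestricted';
    }
    return $findings;
}

// Headers taken from the README examples above.
print_r(auditCsp("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' trusted-cdn.com; style-src 'self' trusted-cdn.com"));
print_r(auditCsp("Content-Security-Policy: img-src 'self' data:; object-src 'none'"));
```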