googlechromelabs / ise-web-security-bundle
Web security bundle for Symfony created by Google OSS
Installs: 18 705
Dependents: 0
Suggesters: 0
Security: 0
Stars: 10
Watchers: 5
Forks: 4
Open Issues: 4
Type: symfony-bundle
Requires
- symfony/config: ^4.3 || ^5.1
- symfony/dependency-injection: ^4.3 || ^5.1
- symfony/framework-bundle: ^4.3 || ^5.1
- symfony/http-kernel: ^4.3 || ^5.1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.16
- php-coveralls/php-coveralls: ^2.2
- symfony/phpunit-bridge: ^4.3 || ^5.1
This package is auto-updated.
Last update: 2024-10-24 22:38:58 UTC
README
🔐 IseWebSecurityBundle
A Symfony bundle that implements best practice for security features, including:
- Content Security Policy (CSP)
- Cross Origin Opener Policy / Cross Origin Embedder Policy (COOP/COEP)
- Fetch metadata headers
- Trusted Types
🖥️ Usage
Install the package from Packagist:
composer require googlechromelabs/ise-web-security-bundle
There is no Symfony Flex recipe to do this automatically, so in your project's /config/packages
folder, create ise_web_security.yaml
and populate it with the YAML config detailed below.
Config
More Config details can be found here
The config within your Symfony project controls how the bundle works in your application.
Below is an example config for the current state of the project that activates
the majority of the features. The ise_web_security.yaml.dist
file is also an example of this config.
ise_web_security.yaml
ise_web_security:
    defaults:
        preset: 'full'
    paths:
        '^/public':
            coop:
                active: false
            coep:
                active: false
            fetch_metadata:
                active: false
        '^/admin':
            fetch_metadata:
                allowed_endpoints: ['/images']
            trusted_types:
                active: true
                polices: ['foo', 'bar']
                require_for: ['script', 'style']
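To show what the fetch_metadata settings in the config above govern, here is an added sketch (not the bundle's own code) of the resource isolation check commonly built on the Sec-Fetch-* request headers, with allowed_endpoints modelled as exempt path prefixes. The function name isRequestAllowed() and the prefix matching are assumptions made for illustration; the bundle's own matching may differ.

```php
<?php
declare(strict_types=1);

// Added illustration, not the bundle's code. isRequestAllowed() and the
// prefix matching of $allowedEndpoints are assumptions made for this sketch.
function isRequestAllowed(string $method, string $path, array $headers, array $allowedEndpoints): bool
{
    // Normalise header names; HTTP header names are case-insensitive.
    $h = array_change_key_case($headers, CASE_LOWER);
    $site = $h['sec-fetch-site'] ?? null;

    // Browsers without Fetch Metadata support send no header: let them through.
    if ($site === null) {
        return true;
    }
    // Same-origin, same-site and user-initiated (address bar, bookmark) requests.
    if (in_array($site, ['same-origin', 'same-site', 'none'], true)) {
        return true;
    }
    // Cross-site top-level navigation via GET, but not into <object>/<embed>.
    $mode = $h['sec-fetch-mode'] ?? '';
    $dest = $h['sec-fetch-dest'] ?? '';
    if ($mode === 'navigate' && $method === 'GET' && !in_array($dest, ['object', 'embed'], true)) {
        return true;
    }
    // Endpoints deliberately exposed to other sites, e.g. ['/images'].
    foreach ($allowedEndpoints as $prefix) {
        if ($path === $prefix || strpos($path, rtrim($prefix, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests, checked with the '^/admin' rule's allowed_endpoints.
$allowed = ['/images'];
$samples = [
    ['GET',  '/admin/users',     ['Sec-Fetch-Site' => 'same-origin', 'Sec-Fetch-Mode' => 'cors']],
    ['POST', '/admin/users',     ['Sec-Fetch-Site' => 'cross-site', 'Sec-Fetch-Mode' => 'cors']],
    ['GET',  '/images/logo.png', ['Sec-Fetch-Site' => 'cross-site', 'Sec-Fetch-Mode' => 'no-cors', 'Sec-Fetch-Dest' => 'image']],
    ['GET',  '/admin',           ['Sec-Fetch-Site' => 'cross-site', 'Sec-Fetch-Mode' => 'navigate', 'Sec-Fetch-Dest' => 'document']],
];
foreach ($samples as [$method, $path, $headers]) {
    $verdict = isRequestAllowed($method, $path, $headers, $allowed) ? 'allow' : 'reject';
    printf("%-4s %-18s %s\n", $method, $path, $verdict);
}
```

Only the cross-site POST is rejected: the image request passes because of the /images exemption, and the cross-site GET navigation passes because top-level navigations are permitted.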
Wiki
This Repo has a wiki! Check it out here
🤝 Contributing
Issues and pull requests are always welcome. For details, see docs/contributing.md
This is not an officially supported Google product.