spaze / nonce-generator
Content Security Policy nonce generator
Installs: 3 384
Dependents: 1
Suggesters: 1
Security: 0
Stars: 6
Watchers: 3
Forks: 0
Open Issues: 0
Requires
- php: ^8.2
- latte/latte: ^3.0
- nette/application: ^3.1
- nette/di: ^3.0
Requires (Dev)
Suggests
- spaze/csp-config: Build and send Content Security Policy header, possibly including nonce, if enabled
- spaze/sri-macros: For script tags with automatically added Content Security Policy nonces, and Subresource Integrity hashes, too
README
This generates random nonces for Content Security Policy nonce attributes. These nonces work with CSP3 strict-dynamic, which aims to make Content Security Policy simpler to deploy for existing applications. This package is intended to be used with Nette Framework, spaze/csp-config and spaze/sri-macros.
Usage
This is a plug and play generator.
If installed, \Spaze\ContentSecurityPolicy\Config::addDirective() from spaze/csp-config will automatically add nonce-... to the configured directives, and the Latte macros {script ...} and {stylesheet ...} from spaze/sri-macros will add the nonce="..." attribute to script and style tags respectively. The n:nonce shortcut will also use the same generated value.
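The flow described above, as an added example that is not the package's own code: one nonce is generated per response, and the same value goes into the header's directives and into the tag's nonce attribute. The names ExampleNonceHolder, buildCspHeader and scriptTag, the sample directives and the /js/app.js path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone holder (illustration only, not the package's class).
final class ExampleNonceHolder
{
    private ?string $value = null;

    // Generate once, then return the same value for the rest of the response,
    // so the header and every tag agree. A new response needs a new holder.
    public function getValue(): string
    {
        // 16 bytes from the CSPRNG (128 bits); base64 fits the CSP nonce grammar.
        return $this->value ??= base64_encode(random_bytes(16));
    }
}

// Append the 'nonce-...' source to every configured directive.
function buildCspHeader(array $directives, string $nonce): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', [...$sources, "'nonce-{$nonce}'"]);
    }
    return implode('; ', $parts);
}

// Emit a script tag carrying the same nonce, with attribute values escaped.
function scriptTag(string $src, string $nonce): string
{
    return sprintf(
        '<script src="%s" nonce="%s"></script>',
        htmlspecialchars($src, ENT_QUOTES),
        htmlspecialchars($nonce, ENT_QUOTES)
    );
}

$nonce = new ExampleNonceHolder();
$header = buildCspHeader(
    ['script-src' => ["'strict-dynamic'"], 'style-src' => ["'self'"]], // sample policy
    $nonce->getValue()
);

// In a real response: header('Content-Security-Policy: ' . $header);
echo 'Content-Security-Policy: ', $header, PHP_EOL;
echo scriptTag('/js/app.js', $nonce->getValue()), PHP_EOL;
```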
Installation
With Composer:
composer require spaze/nonce-generator
Add the extension to your configuration:
extensions:
    nonceGenerator: Spaze\NonceGenerator\Bridges\Nette\GeneratorExtension
Requirements
- PHP 8.2 or newer
- Latte 3.0 or newer
- Nette Application 3.1 or newer
- Nette DI 3.0 or newer
API
createNonce(): Nonce
Generates and returns a Nonce object. Use Nonce::getValue() to get the generated nonce.