middlewares/csp

Name: csp

Owner: Middlewares

Description: PSR-15 middleware to add the Content-Security-Policy header to the response

Created: 2016-10-09 09:23:09.0

Updated: 2018-02-27 15:56:08.0

Pushed: 2018-01-26 23:29:31.0

Homepage: null

Size: 30

Language: PHP

README

middlewares/csp

Middleware to add the Content-Security-Policy header to the response using the paragonie/csp-builder library. It can also handle CSP error reports using a PSR logger implementation.

Requirements
Installation

This package is installable and autoloadable via Composer as middlewares/csp.

composer require middlewares/csp
Example
use ParagonIE\CSPBuilder\CSPBuilder;

// Load the policy from a JSON file
$csp = CSPBuilder::fromFile('/path/to/source.json');

$dispatcher = new Dispatcher([
    new Middlewares\Csp($csp)
]);

$response = $dispatcher->dispatch(new ServerRequest());
Options
__construct(ParagonIE\CSPBuilder\CSPBuilder $builder = null)

Set the CSP header builder. See paragonie/csp-builder for more info. If it is not provided, a generic builder with restrictive directives is created.

report(string $path, Psr\Log\LoggerInterface $log)

Configure the report-uri and the logger used to store the CSP reports sent by the browser. Example:

use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use ParagonIE\CSPBuilder\CSPBuilder;

//Create the logger
$logger = new Logger('csp');
//Open in append mode so earlier reports are kept and the file is created if missing
$logger->pushHandler(new StreamHandler(fopen('/csp-reports.txt', 'a')));

//Create the csp config
$csp = CSPBuilder::fromFile('/path/to/source.json');

$dispatcher = new Dispatcher([
    (new Middlewares\Csp($csp))->report('/csp-report', $logger)
]);

$response = $dispatcher->dispatch(new ServerRequest());
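
An added example, not code from middlewares/csp: one way to validate a browser's violation report before it reaches the logger passed to report(). The function name, size cap, accepted content types and field list are assumptions, and the sample report is constructed.

```php
<?php
declare(strict_types=1);
// Added example: these names are hypothetical, not part of middlewares/csp.
const MAX_REPORT_BYTES = 8192; // assumed cap; violation reports are small JSON documents
const LOGGED_FIELDS = ['document-uri', 'blocked-uri', 'violated-directive', 'effective-directive', 'source-file'];

// Validate the body a browser POSTs to the report-uri and return the fields
// worth logging, or null when the request should be dropped.
function parseCspReport(string $contentType, string $body): ?array
{
    // Reports arrive as application/csp-report; accepting application/json too is an assumption.
    $type = strtolower(trim(explode(';', $contentType)[0]));
    if (!in_array($type, ['application/csp-report', 'application/json'], true)) {
        return null;
    }
    // The endpoint is unauthenticated, so bound the size before decoding.
    if ($body === '' || strlen($body) > MAX_REPORT_BYTES) {
        return null;
    }
    $data = json_decode($body, true, 8);
    $report = is_array($data) ? ($data['csp-report'] ?? null) : null;
    if (!is_array($report)) {
        return null;
    }
    $context = [];
    foreach (LOGGED_FIELDS as $key) {
        if (is_string($report[$key] ?? null)) {
            // Strip control characters so a report cannot forge extra log lines.
            $clean = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $report[$key]);
            $context[$key] = substr($clean, 0, 512);
        }
    }
    // Without a directive there is nothing to act on.
    $hasDirective = isset($context['violated-directive']) || isset($context['effective-directive']);
    return $hasDirective ? $context : null;
}

// Constructed sample, shaped like a browser's violation report.
$sample = json_encode(['csp-report' => [
    'document-uri' => 'https://example.com/account',
    'blocked-uri' => "https://cdn.example.net/widget.js\nfake log line",
    'violated-directive' => 'script-src',
    'original-policy' => "script-src 'self'; report-uri /csp-report",
]]);

var_dump(parseCspReport('application/csp-report', $sample)); // valid report with an embedded newline
var_dump(parseCspReport('text/plain', $sample));             // unexpected content type
var_dump(parseCspReport('application/csp-report', '{"csp-report":"x"}')); // malformed report
```

The returned array is suitable as the context argument of a Psr\Log\LoggerInterface call.
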
Helpers
createFromFile(string $path)

Shortcut to create instances using a JSON file:

$dispatcher = new Dispatcher([
    Middlewares\Csp::createFromFile(__DIR__.'/csp-config.json')
]);

createFromData(array $data)

Shortcut to create instances using an array with data:

$dispatcher = new Dispatcher([
    Middlewares\Csp::createFromData([
        'script-src' => ['self' => true],
        'object-src' => ['self' => true],
        'frame-ancestors' => ['self' => true],
    ])
]);


Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.