
stevenmaguire/middleware-csp
============================

Provides support for enforcing Content Security Policy with headers in PSR-7 responses.

Version 0.1.2 (10y ago), MIT license, PHP >=5.4.0

[Source](https://github.com/stevenmaguire/middleware-csp-php) | [Packagist](https://packagist.org/packages/stevenmaguire/middleware-csp)

Content Security Policy Middleware
==================================



About CSP (Content Security Policy)
-----------------------------------


> *The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header*. - via [content-security-policy.com](https://content-security-policy.com/)

### TL;DR from [Google](https://developers.google.com/web/fundamentals/security/csp/)


- Use whitelists to tell the client what's allowed and what isn't.
- Learn what directives are available.
- Learn the keywords they take.
- Inline code and eval() are considered harmful.
- Report policy violations to your server before enforcing them.

Install
-------


Via Composer

```
$ composer require stevenmaguire/middleware-csp
```

Usage
-----


Frameworks and routing-layer projects may implement middleware differently. This package is designed to help implement CSP across many of those variations, provided the middleware pattern passes in a `Psr\Http\Message\ResponseInterface` and receives an updated `Psr\Http\Message\ResponseInterface` in return.

### Generic Example


```
