
zae/content-security-policy
===========================

A really easy way to build CSP headers and add them to the response.

Version 2.5.0 (5y ago) | License: MIT | PHP >= 7.2 | [Source](https://github.com/Zae/ContentSecurityPolicy) | [Packagist](https://packagist.org/packages/zae/content-security-policy) | [1 issue](https://github.com/Zae/ContentSecurityPolicy/issues)

Content Security Policy
=======================


Officially supported platforms:

- Laravel: ^5.8
- Craft: ^3.0

Install
-------

Via Composer

```
$ composer require zae/content-security-policy
```

### Laravel

#### Middleware

Add the middleware to the middleware Kernel.

```
// app/Http/Kernel.php
protected $middlewareGroups = [
    'web' => [
        // ... existing middleware ...
        \Zae\ContentSecurityPolicy\Laravel\Http\Middleware\ContentSecurityPolicy::class,
    ],
];
```

#### Config (config/csp.php)

```
// BlockAllMixedContent and Sandbox must be imported with `use` statements (omitted here).
return [
    BlockAllMixedContent::class,
    Sandbox::class => [
        Sandbox::ALLOW_FORMS,
        Sandbox::ALLOW_SCRIPTS,
        Sandbox::ALLOW_TOP_NAVIGATION,
        Sandbox::ALLOW_SAME_ORIGIN,
        Sandbox::ALLOW_POPUPS,
    ],
];
```

### Craft 3

The library includes a module for Craft 3 that can send the CSP header and a twig function to get the current CSP nonce.

Register the module like this:

```
'modules' => [
    'csp' => \Zae\ContentSecurityPolicy\Craft\Module::class,
],
'bootstrap' => [
    'csp'
]
```

Use the twig functions like this:

```

    // inline javascript

```
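
How a per-response nonce ties the CSP header to an inline script, as an added example in plain PHP; it is not this library's code and does not use its classes or its Twig function. The helper name `buildCspHeaderValue` is hypothetical, and the sandbox tokens are the standard CSP ones that the `Sandbox::ALLOW_*` constants are assumed to correspond to.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP; it does not call this library's classes.

/** Serialize a directive map into a Content-Security-Policy header value. */
function buildCspHeaderValue(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $values) {
        foreach ($values as $value) {
            // A value containing whitespace, ';' or ',' could smuggle in extra
            // directives or policies, so refuse it rather than escaping it.
            if (preg_match('/[\s;,]/', $value) === 1) {
                throw new InvalidArgumentException("Unsafe CSP value for {$name}");
            }
        }
        // Valueless directives such as block-all-mixed-content are emitted bare.
        $parts[] = $values === [] ? $name : $name . ' ' . implode(' ', $values);
    }
    return implode('; ', $parts);
}

// A fresh, unpredictable nonce for every response (never cached or reused).
$nonce = base64_encode(random_bytes(16));

$policy = buildCspHeaderValue([
    'block-all-mixed-content' => [],
    // Standard sandbox tokens, assumed to match the Sandbox::ALLOW_* constants.
    'sandbox' => ['allow-forms', 'allow-scripts', 'allow-top-navigation',
                  'allow-same-origin', 'allow-popups'],
    'script-src' => ["'self'", "'nonce-{$nonce}'"],
]);

if (PHP_SAPI === 'cli') {
    echo 'Content-Security-Policy: ', $policy, PHP_EOL; // offline run: print it
} else {
    header('Content-Security-Policy: ' . $policy);
}

$attr = htmlspecialchars($nonce, ENT_QUOTES);
// The first inline script carries the response's nonce and runs; the second
// has no nonce, so a browser enforcing the policy refuses to execute it.
echo "<script nonce=\"{$attr}\">console.log('allowed');</script>", PHP_EOL;
echo "<script>console.log('blocked');</script>", PHP_EOL;
```

If responses are served from a full-page cache, the cached nonce is replayed to every visitor and stops being unpredictable, so nonce-bearing pages need to be excluded from such caches.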

#### Config (config/csp.php)

```
return [
    'components' => [
        'builder' => Builder::class,
    ],
    'params' => [
        BlockAllMixedContent::class,
        Sandbox::class => [
            Sandbox::ALLOW_FORMS,
            Sandbox::ALLOW_SCRIPTS,
            Sandbox::ALLOW_TOP_NAVIGATION,
            Sandbox::ALLOW_SAME_ORIGIN,
            Sandbox::ALLOW_POPUPS,
        ]
    ]
];
```

### Other

Although other frameworks are not officially supported yet, it's possible to use this library with them. An easy way to do so is with `FluidDirectivesFactory`.

#### Fluid Factory

```
