matejg/csp (forked from mrtnzlml-archive/csp): Content Security Policy for Nette Framework
Content Security Policy for Nette Framework

Please read this:

This library provides a simple CSP extension for the Nette DI container that helps you secure your application:

extensions:
  csp: Adeira\ContentSecurityPolicyExtension

There are a lot of configuration options. These are the default ones:

csp:
  enabled: yes
  report-only: no
  default-src: self
  script-src: * unsafe-inline unsafe-eval
  style-src: * unsafe-inline
  img-src: self data:
  connect-src: self
  font-src: *
  object-src: *
  media-src: *
  report-uri: NULL
  child-src: *
  form-action: self
  frame-ancestors: self

You can also use arrays in configuration:

csp:
  default-src: self
  script-src:
    - *
    - unsafe-inline
    - unsafe-eval

If enabled, the extension sends the Content-Security-Policy header, or the Content-Security-Policy-Report-Only header when report-only mode is on. You can set whatever values you want in the config. report-uri should be a relative URL:

csp:
  report-uri: api/v1/csp_report

And remember: report-only mode can only be used if a report-uri is specified.
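As an added example (not the extension's own code), the following PHP function builds the header value the way the options above describe, showing the README's permissive script-src default beside a stricter policy. It assumes a config array shaped like the NEON block, and quotes keywords such as self and unsafe-inline as the CSP grammar requires.

```php
<?php
declare(strict_types=1);

// Keywords the CSP grammar requires in single quotes; host sources,
// schemes such as data: and the * wildcard are emitted verbatim.
const CSP_KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'];

/**
 * Build [header name, header value] from a config array mirroring the
 * extension's NEON block (assumed shape). Directive values may be a
 * space-separated string or an array, the two forms shown in the README.
 * Returns null when the policy is disabled.
 */
function buildCspHeader(array $config): ?array
{
    if (!($config['enabled'] ?? true)) {
        return null;
    }
    $reportOnly = (bool) ($config['report-only'] ?? false);
    $reportUri = $config['report-uri'] ?? null;
    if ($reportOnly && $reportUri === null) {
        // The README states report-only mode requires a report-uri.
        throw new InvalidArgumentException('report-only mode requires report-uri');
    }
    $directives = [];
    foreach ($config as $name => $value) {
        if (in_array($name, ['enabled', 'report-only', 'report-uri'], true) || $value === null) {
            continue;
        }
        $sources = is_array($value) ? $value : preg_split('/\s+/', trim((string) $value));
        $quoted = array_map(
            fn(string $s): string => in_array($s, CSP_KEYWORDS, true) ? "'$s'" : $s,
            $sources
        );
        $directives[] = $name . ' ' . implode(' ', $quoted);
    }
    if ($reportUri !== null) {
        $directives[] = 'report-uri ' . $reportUri;
    }
    $header = $reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    return [$header, implode('; ', $directives)];
}

// Constructed configs: the README's permissive script-src beside a stricter one
// that is rolled out in report-only mode first so violations can be reviewed.
$weak   = ['default-src' => 'self', 'script-src' => '* unsafe-inline unsafe-eval'];
$strict = ['default-src' => 'self', 'script-src' => 'self', 'object-src' => 'none',
           'report-only' => true, 'report-uri' => 'api/v1/csp_report'];
foreach ([$weak, $strict] as $config) {
    [$name, $value] = buildCspHeader($config);
    echo "$name: $value\n";
}
```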
