Download the PHP package aubes/csp-bundle without Composer
On this page you can find all versions of the php package aubes/csp-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package csp-bundle
Content Security Policy Bundle
This Symfony bundle provides helper to configure Content-Security-Policy headers.
It is compatible with :
- PHP 7.4
- Symfony 5.4
Installation
Configuration
The configuration looks as follows :
Usage
Add CSP Headers
Auto default
If the auto_default
configuration is enabled, the default group is injected in each response.
To disabled CSP on specific route:
Manually
Add on the fly directive
Source nonce
Twig functions are available to add inline nonceable element nonce
in your template.
csp_nonce
Arguments:
- directive: name of the csp directive # required
- groupName: Group name, default group is used if not defined
- nonce: base 64 nonce id
csp_script_nonce
Arguments:
- groupName: Group name, default group is used if not defined
- nonce: base 64 nonce id
csp_style_nonce
Arguments:
- groupName: Group name, default group is used if not defined
- nonce: base 64 nonce id
Report
Configuration
Enable report-to in the configuration :
Build-in controller
A build-in controller can log report (path: /csp-report/{group}
, name: csp_report
)
To use the build-in controller to log reports :
Add the route in a report :
Build-in controller Logger
To configure the Logger of this controller :
All versions of csp-bundle with dependencies
symfony/framework-bundle Version ^5.4 |^6.0
symfony/polyfill-php80 Version ^1.0
symfony/http-foundation Version ^5.4 |^6.0
symfony/http-kernel Version ^5.4 |^6.0
symfony/twig-bundle Version ^5.4 |^6.0