Download the PHP package bnomei/kirby3-security-headers without Composer
On this page you can find all versions of the php package bnomei/kirby3-security-headers. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download bnomei/kirby3-security-headers
More information about bnomei/kirby3-security-headers
Files in bnomei/kirby3-security-headers
Package kirby3-security-headers
Short Description Kirby Plugin for easier Security Headers setup
License MIT
Informations about the package kirby3-security-headers
Kirby Content Security Policy Header
Kirby Plugin for easier Security Headers setup.
🔐 Why should you use this plugin? Because security matters. Protecting your own or your clients websites and their customers data is important.
Installation
- unzip master.zip as folder
site/plugins/kirby3-security-headers
or git submodule add https://github.com/bnomei/kirby3-security-headers.git site/plugins/kirby3-security-headers
orcomposer require bnomei/kirby3-security-headers
Setup
Automatic
A route:before
-hook takes care of setting the headers automatically unless one of the following conditions applies:
- Kirbys global debug mode is
true
- Kirby determins it is a local setup
- the plugins setting
enabled
is set tofalse
Header
The following headers will be applied by default, you do not need to set them explicitly. You can override them in the config file.
/site/config/config.php
Loader
The Loader is used to initally create the CSPBuilder object with a given set of data. You skip that, forward a file to load, provide an array or use the default loader file. Using a custom file is recommended when for example adding additional font-src for google web fonts.
/site/config/config.php
Setter
The Setter is applied after the Loader. Use it to add dynamic stuff like hashes and nonces.
/site/config/config.php
TIP: nonces are set in the
setter
and later retrieved using$page->nonce(...)
or$page->nonceAttr(...)
.
Panel and Frontend Nonces
This plugin automatically registers Kirbys nonce for the panel. For convenience it also provides you with a single frontend nonce to use as attribute in <link>
, <style>
and <script>
elements. You can retrieve the nonce with site()->nonce()
and the full attribute with site()->nonceAttr()
.
TIP: The srcset plugin uses that frontend nonce as well.
Settings
bnomei.securityheaders. | Default | Description |
---|---|---|
enabled | true or false or 'force' |
will set headers |
seed | callback |
returns a seed for frontend nonce |
headers | array |
of sensible default values. modify as needed. |
loader | callback |
returning filepath or array |
setter | callback |
instance which allows customizing the CSPBuilder |
Dependencies
Disclaimer
This plugin is provided "as is" with no guarantee. Use it at your own risk and always test it yourself before using it in a production environment. If you find any issues, please create a new issue.
License
It is discouraged to use this plugin in any project that promotes racism, sexism, homophobia, animal abuse, violence or any other form of hate speech.
All versions of kirby3-security-headers with dependencies
getkirby/composer-installer Version ^1.2
paragonie/csp-builder Version ^3.0