PHP code example of bnomei / kirby3-security-headers

1. Go to the download page for bnomei/kirby3-security-headers and download the library. Choose the download type "require".

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php

// Load Composer's autoloader so the plugin's classes can be resolved on demand.
// The path is relative, so PHP resolves it through include_path and the current
// working directory rather than the location of this file.
require_once 'vendor/autoload.php';

// Application code starts below this line.

    

bnomei / kirby3-security-headers example snippets



// Example value for the `bnomei.securityheaders.headers` option: a map of
// HTTP response header name => header value.
return [
    'bnomei.securityheaders.headers' => [
        // Empty value; per the original note this unsets the header, so the response
        // no longer advertises the server-side technology.
        "X-Powered-By" => "", // unset
        // Allows framing only by pages of the same origin (clickjacking defence).
        // The CSP `frame-ancestors` directive is the standardised successor; if both
        // are sent, keep them consistent with each other.
        "X-Frame-Options" => "SAMEORIGIN",
        // NOTE(review): this header controls the legacy browser XSS auditor, which
        // current browsers have removed. Present-day hardening guidance (e.g. OWASP)
        // is to send "0" or omit it and rely on the Content-Security-Policy instead;
        // confirm whether "1; mode=block" is still wanted here.
        "X-XSS-Protection" => "1; mode=block",
        // Tells the browser to trust the declared Content-Type instead of MIME-sniffing.
        "X-Content-Type-Options" => "nosniff",
        // HSTS with max-age = 31536000 s (one year). Browsers honour it only when it
        // arrives over HTTPS and then refuse plain HTTP for the host for that period,
        // so verify HTTPS works on every served host before enabling it.
        // NOTE(review): the listing is cut off inside this value; the remaining HSTS
        // directives and the rest of the array are not shown on the page.
        "strict-transport-security" => "max-age=31536000; 


return [
    // Callback that decides where the Content-Security-Policy definition comes from.
    'bnomei.securityheaders.loader' => function () {
        // Format reference: https://github.com/paragonie/csp-builder#example
        //
        // Option 1: return null to skip the default policy and/or rely on the
        // setter callback alone.
        /*
            return null;
         */
        // Option 2: return an array of options for the CSP builder, or the path
        // of a JSON or YAML file that holds them.
        /*
            return [...];
            return kirby()->roots()->site() . '/your-csp.json';
            return kirby()->roots()->site() . '/your-csp.yml';
        */
        // Option 3 (active): hand back the default policy file.
        // NOTE(review): __DIR__ is the directory of the file that contains this
        // closure. The original comment describes this as the plugin's own default
        // file; if the snippet is copied into a site config file the path points at
        // the config directory instead - confirm a loader.json exists there, or use
        // one of the kirby()->roots() paths above.
        $defaultPolicyFile = __DIR__ . '/loader.json';

        return $defaultPolicyFile;
    },
    // other options...
];


return [
    // Callback that receives the plugin instance so the policy can be adjusted in
    // code. As written the body contains only commented-out examples, so it changes
    // nothing until one of them is enabled.
    'bnomei.securityheaders.setter' => function (\Bnomei\SecurityHeaders $instance) {
        // https://github.com/paragonie/csp-builder#build-a-content-security-policy-programmatically
        /** @var ParagonIE\CSPBuilder\CSPBuilder $csp */
        // Example: fetch the CSP builder, register a nonce under a name of your
        // choosing and allow that nonce in the script-src directive.
        /*
            $csp = $instance->csp();
            $nonce = $instance->setNonce('my-inline-script');
            $csp->nonce('script-src', $nonce);
        */
        // in your template retrieve it again with
        // (nonceAttr() yields the ready-made attribute for the inline <script> tag)
        /*
            $nonce = $page->nonce('my-inline-script');
            => `THIS-IS-THE-NONCE`
            $attr = $page->nonceAttr('my-inline-script');
            => `nonce="THIS-IS-THE-NONCE"`
        */
        // NOTE(review): a CSP nonce only helps if it is unpredictable and differs on
        // every response. Presumably setNonce() generates a fresh value per request -
        // confirm, and check how this interacts with page caching, since a cached
        // page would keep serving the nonce it was rendered with.
        // Attach the nonce only to inline scripts you author, never to markup that
        // can contain user-supplied content.
    },
    // other options...
];