Download the PHP package codebar-ag/laravel-feature-policy without Composer
On this page you can find all versions of the php package codebar-ag/laravel-feature-policy. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download codebar-ag/laravel-feature-policy
More information about codebar-ag/laravel-feature-policy
Files in codebar-ag/laravel-feature-policy
Package laravel-feature-policy
Short Description Add Feature-Policy headers to the responses of a Laravel app
License MIT
Informations about the package laravel-feature-policy
Set Permissions-Policy headers in a Laravel app
This package is strongly inspired by Spaties laravel-csp package. Thanks to Freek van der Herten and Thomas Verhelst for creating such an awesome package and doing all the heavy lifting!
With Permissions-Policy you can control which web platform permissions to allow and disallow within your web applications. Permissions-Policy is a Security Header (like Content-Security-Policy) that is brand new. The list of things you can restrict isn't final yet, I'll add them in time when the specification evolves.
Installation
You should install this package via composer:
Next, publish the config file:
The contents of the config/feature-policy.php
file look like this:
Middleware
You can add Feature-Policy headers to all responses by registering CodebarAg\FeaturePolicy\AddFeaturePolicyHeaders::class
in the HTTP kernel:
Alternatively you can add the middleware to a single route and route group:
You could even pass a policy as a parameter and override the policy specified in the config file:
Usage
This package allows you to define Permissions-Policy policies. A Feature-Policy policy determines which Permissions-Policy directives will be set in the headers of the response.
An example of a Permissions-Policy directive is microphone
:
Permissions-Policy: microphone=(self "https://spatie.be")
In the above example by specifying microphone
and allowing it for self
makes the permission disabled for all origins except our own and https://spatie.be.
The full list of directives isn't final yet, but here are some of the things you have access to:
- accelerometer
- ambient-light-sensor
- autoplay
- camera
- encrypted-media
- fullscreen
- geolocation
- gyroscope
- magnetometer
- microphone
- midi
- payment
- picture-in-picture
- speaker
- usb
- vr
You can find the feature definitions at https://github.com/WICG/feature-policy/blob/master/features.md
You can add multiple policy options as an array or as a single string with space-separated options:
Creating Policies
The policy
key of the feature-policy
config file is set to CodebarAg\FeaturePolicy\Policies\Basic::class
by default, which allows your site to use a few of the available features. The class looks like this:
Let's say you're happy with allowing geolocation
and fullscreen
but also wanted to add www.awesomesite.com
to gain access to this feature, then you can easily extend the class:
Don't forget to change the policy
key in the feature-policy
config file to the class name fo your policy (e.g. App\Services\Policies\MyFeaturePolicy
).
Testing
You can run all tests with:
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues please email [email protected] instead of using the issue tracker.
Credits
Support
If you like this package please feel free to star it.
License
The MIT License (MIT). Please see LICENSE for more information.
All versions of laravel-feature-policy with dependencies
illuminate/http Version ^9.0|^10.0
illuminate/support Version ^9.0|^10.0
laravel/pint Version ^1.6