Download the PHP package eugene-manuilov/phalcon-csp without Composer
On this page you can find all versions of the php package eugene-manuilov/phalcon-csp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download eugene-manuilov/phalcon-csp
More information about eugene-manuilov/phalcon-csp
Files in eugene-manuilov/phalcon-csp
Package phalcon-csp
Short Description Content Security Policy plugin for PhalconPHP framework.
License MIT
Informations about the package phalcon-csp
Content Security Policy for Phalcon Framework
This plugin allows you to add CSP policies to your Phalcon based website. Content Security Policy (CSP) is a security standard to prevent cross-site scripting (XSS), clickjacking and other code injection attacks. Take a look at An Introduction to Content Security Policy article for more details.
Installation
Just use composer to install it:
Usage
To use CSP plugin in your site you just need to add it to the dependency injection container and register it as event listener for dispatcher events.
Now all your policies will be compiled into Content-Security-Policy
header and added to the response instance. To add a new policy you need to call addPolicy()
function which accepts policy name and a value:
If you want to specify report URL which will be used to report all violations, then you need to call setReportURI()
function.
Using Content Security Policy header you can also tell browsers that you want to upgrade all insecure requests to use its secure versions. To do it you need to use setUpgradeInsecureRequests()
function.
Assets Manager
This plugin also provides assets manager class which extends standard assets manager class and automatically gathers origins of scripts and styles added with it. It also generates nonces for inline scripts and styles.
Later on you can use it as standard assets manager class to add you scripts and styles files as well as inline blocks.