Download the PHP package hyperia/yii2-secure-headers without Composer

On this page you can find all versions of the php package hyperia/yii2-secure-headers. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php'); After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting environments are not accessible by a terminal or SSH. In that case it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories, you don't need to share your credentials. You can set up everything on our site and then provide a simple download link to your team members.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as a binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package yii2-secure-headers

Yii2 security headers extension


Add security-related headers to the HTTP response. The package includes an extension for easy Yii2 integration.

Installation

The preferred way to install this extension is through Composer.

Either run

or add

to the require section of your composer.json.

Configuration (usage)

Parameter description

| Source Value | Example | Description |
|---|---|---|
| * | img-src * | Wildcard, allows any URL except data: blob: filesystem: schemes. |
| 'none' | object-src 'none' | Prevents loading resources from any source. |
| 'self' | script-src 'self' | Allows loading resources from the same origin (same scheme, host and port). |
| data: | img-src 'self' data: | Allows loading resources via the data scheme (e.g. Base64 encoded images). |
| domain.example.com | img-src domain.example.com | Allows loading resources from the specified domain name. |
| *.example.com | img-src *.example.com | Allows loading resources from any subdomain under example.com. |
| https://cdn.com | img-src https://cdn.com | Allows loading resources only over HTTPS matching the given domain. |
| https: | img-src https: | Allows loading resources only over HTTPS on any domain. |
| 'unsafe-inline' | script-src 'unsafe-inline' | Allows use of inline source elements such as style attribute, onclick, or script tag bodies (depends on the context of the source it is applied to). |
| 'unsafe-eval' | script-src 'unsafe-eval' | Allows unsafe dynamic code evaluation such as JavaScript eval(). |
| false | prefetch-src false | Exclude the property from the directive array to avoid deprecation warnings/errors from browsers. |
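
The source values above differ widely in how much they permit, and the same value can be acceptable in one directive and risky in another. As an added example (not part of the package or its README), this PHP script parses a Content-Security-Policy header value and reports broad sources in the directives that control code execution; the function names and the sample policy are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Parse "name src src; name src" into [directive => [sources]]. */
function parseCsp(string $policy): array
{
    $directives = [];
    foreach (explode(';', $policy) as $part) {
        $tokens = preg_split('/\s+/', trim($part), -1, PREG_SPLIT_NO_EMPTY);
        if (!$tokens) {
            continue; // empty segment, e.g. a trailing ';'
        }
        $name = strtolower(array_shift($tokens));
        // Browsers use the first occurrence of a repeated directive.
        if (!isset($directives[$name])) {
            $directives[$name] = $tokens;
        }
    }
    return $directives;
}

/** Report broad source values in script-src and object-src. */
function auditCsp(string $policy): array
{
    $broad = ["'unsafe-inline'", "'unsafe-eval'", '*', 'http:', 'https:', 'data:'];
    $csp = parseCsp($policy);
    $findings = [];
    foreach (['script-src', 'object-src'] as $name) {
        // These directives fall back to default-src when absent.
        $sources = $csp[$name] ?? $csp['default-src'] ?? null;
        if ($sources === null) {
            $findings[] = "$name: not set and no default-src fallback";
            continue;
        }
        foreach ($sources as $src) {
            if (in_array(strtolower($src), $broad, true)) {
                $findings[] = "$name: broad source $src";
            }
        }
    }
    return $findings;
}

// Constructed sample policy: data: in img-src is not reported, because the
// audit only covers directives that can load or run code.
$sample = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src 'self' data:";
foreach (auditCsp($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```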

Policy

Each header has a reference link in the config file; read it if you are not familiar with the header. To disable a string-type header, set it to null or an empty string.

Content Security Policy

We use paragonie/csp-builder to build the CSP header. To disable the CSP header, set custom-csp to an empty string.

Subresource Integrity

If you want to require subresource integrity for style and script sources, set requireSriForStyle and requireSriForScript to true.

Feature Policy

Deprecated. Use Permissions Policy instead. Feature Policy is being created to allow site owners to enable and disable certain web platform features on their own pages and those they embed. Use the same directives as for CSP.

Permissions Policy

Permissions Policy is a new policy which will replace Feature Policy.

Additional Resources

Everything you need to know about HTTP security headers


All versions of yii2-secure-headers with dependencies

PHP Build Version
Package Version
Requires php Version >=7.2
yiisoft/yii2 Version *