Download the PHP package s1syphos/kirby-sri without Composer

On this page you can find all versions of the php package s1syphos/kirby-sri. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package kirby-sri

Kirby SRI

Release License Issues

This plugin generates base64-encoded cryptographic hashes for your css / js files based on their content and adds them to the integrity attribute of their corresponding <link> or <script> elements. It also applies cache-busting / fingerprinting.

Table of contents

What's SRI?

"Subresource Integrity (SRI) is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match."

Source: Mozilla Developer Network

Enter kirby-sri: Kirby-side generated SRI hashes for safer CDN usage. Read more about CDN integration and Kirby in the docs) or over at Kirby's partner KeyCDN to get started.

This plugin only provides hash generation. For usage with CDNs, refer to Kirby's official cdn-plugin!

Getting started

Use one of the following methods to install & use kirby-sri:

Git submodule

If you know your way around Git, you can download this plugin as a submodule:

Composer

Clone or download

  1. Clone or download this repository.
  2. Unzip / Move the folder to site/plugins.

Make sure the folder name is kirby-sri.

Activate the plugin

Activate the plugin with the following line in your config.php:

Kirby's built-in helper functions css() and js() will now include an integrity attribute alongside the matching SRI hash. If you want to activate kirby-sri only on specific domains, read about multi-environment setups.

Configuration

Change kirby-sri options to suit your needs:

Option Type Default Description
plugin.kirby-sri.algorithm String sha512 Defines the cryptographic hash algorithm (currently the allowed prefixes are sha256, sha384 and sha512).
plugin.kirby-sri.crossorigin String anonymous Defines crossorigin attribute.
plugin.kirby-sri.fingerprinting Boolean true Optionally enables / disables fingerprinting.

Cache-busting / Fingerprinting

Same old, same old. If anyone comes up with a solution how subresource integrity and cache-busting / fingerprinting could be achieved by different plugins (as all of them modify Kirby's built-in helper functions css() and js()), feel free to open a PR! Otherwise, follow the next steps:

Apache

If you're using Apache as your webserver, add the following lines to your .htaccess (right after RewriteBase):

NGINX

If you're using NGINX as your webserver, add the following lines to your virtual host setup:

Note: SRI hash generation & cache-busting are not applied to external URLs!

Be safe - use protection!

Always use https:// URLs when loading subresources from a CDN, otherwise they might get blocked:

Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources. Google Developers

Credits / License

kirby-sri was inspired by Kirby plugins cachebuster (by Kirby team members Bastian Allgeier and Lukas Bestle) as well as fingerprint (by Iksi). It is licensed under the next step?

Special Thanks

I'd like to thank everybody that's making great software - you people are awesome. Also I'm always thankful for feedback and bug reports :)

All versions of kirby-sri with dependencies

PHP Build Version
Package Version
Requires composer/installers Version ~1.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package s1syphos/kirby-sri contains the following files

Loading the files please wait ....