Download the PHP package spaze/csp-config without Composer

On this page you can find all versions of the php package spaze/csp-config. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then provide a simple download link to your team members.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package csp-config

csp-config

Build Content Security Policy from a config file. Supports different policy per page or module, and snippets you can add dynamically, if needed.


The library is designed to be usable with any framework (or without one) but comes with a bridge for Nette Framework.

Please note that this library will only build the header value and you still need to send the header yourself!

Installation

The best way to install the library is using Composer:

Nette Framework configuration

If you're using Nette Framework you can add the extension to your config file:

Example configuration

This is an example configuration, it's here to explain things and it's intentionally incomplete. You can also check the configuration used for my site.

Let's explain:

Policies can contain a few special keys and values:

Overriding values

If you don't want the extended values to be merged with the original values, prefix the directive name in the configuration with an exclamation mark (!). Consider the following simple example configuration:

Calling getHeader('www:...') would then return default-src 'none' 'self' which makes no sense and 'none' would even be ignored.

Change the configuration to this (note the ! prefix in default-src):

Then calling getHeader('www:...') would return default-src 'self' which is probably what you'd want in this case.
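The merge and override behaviour described in this section, modelled as a standalone added example (not code from the csp-config library or its README): mergePolicy() and headerValue() are hypothetical helpers, and the array shape of the sample policies is an assumption. It also reports the case the text calls out, where 'none' ends up next to other sources.

```php
<?php
declare(strict_types=1);

// Added illustration of the merge rule above; not csp-config's own code.
// mergePolicy() and headerValue() are hypothetical helpers.

/** Merge $extension into $base; a "!"-prefixed directive replaces the inherited sources. */
function mergePolicy(array $base, array $extension): array
{
    $merged = $base;
    foreach ($extension as $name => $sources) {
        $name = (string) $name;
        if (str_starts_with($name, '!')) {
            // Override: discard whatever was inherited for this directive.
            $merged[substr($name, 1)] = array_values(array_unique($sources));
        } else {
            // Default: append to the inherited sources, dropping duplicates.
            $merged[$name] = array_values(array_unique(array_merge($merged[$name] ?? [], $sources)));
        }
    }
    return $merged;
}

/** Build the header value; collect a warning when 'none' is mixed with other sources. */
function headerValue(array $policy, array &$warnings = []): string
{
    $parts = [];
    foreach ($policy as $name => $sources) {
        if (count($sources) > 1 && in_array("'none'", $sources, true)) {
            $warnings[] = "$name: 'none' is mixed with other sources and would be ignored";
        }
        $parts[] = rtrim($name . ' ' . implode(' ', $sources));
    }
    return implode('; ', $parts);
}

// Constructed sample input: an inherited policy and two ways of extending it.
$base = ['default-src' => ["'none'"]];
foreach ([['default-src' => ["'self'"]], ['!default-src' => ["'self'"]]] as $extension) {
    $warnings = [];
    echo headerValue(mergePolicy($base, $extension), $warnings), PHP_EOL;
    foreach ($warnings as $warning) {
        echo '  warning: ', $warning, PHP_EOL;
    }
}
```

A check like the warning in headerValue() is useful in a test suite or CI step, because a merged policy that silently keeps 'none' alongside other sources is looser than its author intended.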

How to send the generated header in Nette Framework

You can get $presenter from \Nette\Application\Application like this for example:

And get $this->application from dependency injection container:

If you're in a presenter then you can use $this->getAction(true) instead.

Report-only policy

Use the policiesReportOnly configuration key to define policies to use with the Content-Security-Policy-Report-Only header:

Get the policy by calling the getHeaderReportOnly() method:

You can send both enforce and report-only policies, which is useful for policy upgrades, for example:


All versions of csp-config with dependencies

Requires:

  • php ^8.2
  • nette/di ^3.1
  • nette/schema ^1.2
  • spaze/nonce-generator ^4.0
