Download the PHP package stevenmaguire/laravel-middleware-csp without Composer
On this page you can find all versions of the php package stevenmaguire/laravel-middleware-csp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download stevenmaguire/laravel-middleware-csp
More information about stevenmaguire/laravel-middleware-csp
Files in stevenmaguire/laravel-middleware-csp
Package laravel-middleware-csp
Short Description Provides support for enforcing Content Security Policy with headers in Laravel responses.
License MIT
Homepage https://github.com/stevenmaguire/laravel-middleware-csp
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-middleware-csp
Content Security Policy Middleware
Provides support for enforcing Content Security Policy with headers in Laravel responses. This package extends and utilizes the framework agnostic Content Security Policy Middleware for PSR 7 response.
Install
Via Composer
Usage
Register as route middleware
Apply content security policy to routes
The following will apply all default profiles to the gallery route.
The following will apply all default profiles and a specific flickr profile to the gallery route.
Apply content security policy to controllers
The following will apply all default profiles to all methods within the GalleryController.
The following will apply all default profiles and a specific google profile to all methods within the GalleryController.
You can include any number of specific profiles to any middleware decoration. For instance, the following will apply default, google, flickr, and my_custom profiles to all methods within the GalleryController.
Create content security profiles
The default location for content security profiles is security.content. If you wish to use this default configuration, ensure your project includes the appropriate configuration files.
You can find all available options on the owasp CSP Cheat Sheet.
The structure of this configuration array is important. The middleware expects to find a default key with a string value and a profiles key with an array value.
The profiles array contains the security profiles for your application. Each profile name must be unique and is expected to have a value of an array.
Each profile array should contain keys that correspond to Content Security Policy directives. The value of each of these directives can be a string, comma-separated string, or array of strings. Each string value should correspond to the domain associated with your directive and profile.
The default key value should be a string, comma-separated string, or array of strings that correspond to the unique profile names that you would like to enforce on all responses with minimal content security applied.
Here is a real-world example:
Testing
Contributing
Please see CONTRIBUTING for details.
Credits
License
The MIT License (MIT). Please see License File for more information.
All versions of laravel-middleware-csp with dependencies
stevenmaguire/middleware-csp Version ^0.1
guzzlehttp/psr7 Version ^1.1
illuminate/http Version ^5.1