PHP download

Download the PHP package wieni/wmcontent_security_policy without Composer

On this page you can find all versions of the php package wieni/wmcontent_security_policy. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download wieni/wmcontent_security_policy
More information about wieni/wmcontent_security_policy
Files in wieni/wmcontent_security_policy

Vendor wieni
Package wmcontent_security_policy
Short Description Secure your Drupal site using a Content Security Policy header
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of wieni/wmcontent_security_policy

Informations about the package wmcontent_security_policy

Content Security Policy

Secure your site using a Content Security Policy header

Why?

Content Security Policy adds a security layer to detect and mitigate the risk of Cross Site Scripting (XSS), data injection, and other vulnerabilities.
The csp Drupal module is more feature-complete, but ours has a simpler interface and doesn't allow inline scripts on pages using Drupal AJAX.

Installation

This package requires PHP 7.2 and Drupal 8 or higher. It can be installed using Composer:

Patches

For this module to work, it is necessary to patch Drupal core and the Multi-value form element module. If you manage your installation with Composer, you should use the cweagans/composer-patches package to manage and automatically apply patches. If not, please check the documentation for instructions on how to manually apply patches.

If the patches below don't apply to your package versions, you should visit the relevant issues and find older or newer patches.

How does it work?

Managing default sources

Using the form at /admin/config/system/content-security-policy/default-sources, you can set default sources for the different policy directives. These sources should be required for the website to function properly.

Sources you add there are stored in configuration, so you can export them and add them to version control.

To manage these sources, you need the administer default content security policy sources permission.

Managing custom sources

Using the form at /admin/config/system/content-security-policy/custom-sources, you can add custom sources to the different policy directives.

Sources you add here are stored in the database and will not be exported with configuration. This is useful to allow content editors to add sources required for certain site content.

To manage these sources, you need the administer custom content security policy sources permission.

Adding script hashes

If you want to include certain inline scripts (eg. a Google Analytics snippet) without allowing script-src: 'unsafe-inline', you can add the hashes of these scripts to your script-src policy (more information here).

You can add script hashes in Twig by using the addCspHash function:

You can add script hashes in code by using wmcontent_security_policy.content_security_policy:addScriptHash:

Finally, it's also possible to add script hashes like any other source through the administration forms.

Events

One event is provided, which allows you to dynamically add sources right before the header is built.

Changelog

All notable changes to this project will be documented in the CHANGELOG file.

Security

If you discover any security-related issues, please email [email protected] instead of using the issue tracker.

License

Distributed under the MIT License. See the LICENSE file for more information.

All versions of wmcontent_security_policy with dependencies

PHP Build Version

Package Version

Version 1.1.1 Release 26. Jun 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of wmcontent_security_policy from vendor wieni

Requires php Version ^7.2 || ^8.0
drupal/core Version ^9.3 || ^10.0
drupal/multivalue_form_element Version ^1 || ^1@beta

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package wieni/wmcontent_security_policy contains the following files

Loading the files please wait ....