mvccore / ext-tool-csp
MvcCore - Extension - Tool - Csp - a tool for easily composing the `Content-Security-Policy` HTTP header.
v5.0.5
2022-10-28 09:08 UTC
Requires
- php: >=5.4.0
- mvccore/mvccore: ^5.1.39
Requires (Dev)
- php: >=5.4.0
- nette/tester: <=2.4
- tomflidr/tracy: <=2.5.13
README
Installation
composer require mvccore/ext-tool-csp
Features
An extension for easily composing the Content-Security-Policy HTTP header.
For more information, read here.
Usage
<?php

include_once('vendor/autoload.php');

use \MvcCore\Ext\Tools\Csp;

$csp = Csp::GetInstance()
    // Deny by default, and deny plugin/object content explicitly.
    ->Disallow(
        Csp::FETCH_DEFAULT_SRC | Csp::FETCH_OBJECT_SRC
    )
    // Allow same-origin resources for these fetch directives.
    ->AllowSelf(
        Csp::FETCH_SCRIPT_SRC | Csp::FETCH_STYLE_SRC | Csp::FETCH_IMG_SRC |
        Csp::FETCH_FONT_SRC | Csp::FETCH_MEDIA_SRC | Csp::FETCH_CONNECT_SRC |
        Csp::FETCH_FRAME_SRC
    )
    // Allow specific third-party hosts per directive.
    ->AllowHosts(
        Csp::FETCH_SCRIPT_SRC | Csp::FETCH_CONNECT_SRC, [
            'https://some.tracking-counter-1.com/',
        ]
    )
    ->AllowHosts(
        Csp::FETCH_SCRIPT_SRC, [
            'https://cdnjs.com/',
            'https://code.jqueryjs.cn/',
        ]
    )
    ->AllowHosts(
        Csp::FETCH_IMG_SRC, [
            'data:',
        ]
    )
    // Inline scripts must carry the nonce of this response.
    ->AllowNonce(Csp::FETCH_SCRIPT_SRC)
    ->AllowGoogleMaps();

// Send the policy header before any output.
header($csp->GetHeader());

?><!DOCTYPE HTML>
<html lang="en-US">
    <head>
        <meta charset="UTF-8">
        <title>CSP</title>
    </head>
    <body>
        <script nonce="<?=$csp->GetNonce()?>" type="text/javascript">
            document.write("Safe working javascript code.");
        </script>
        <hr />
        <script type="text/javascript">
            document.write("Dangerous not working javascript code.");
        </script>
    </body>
</html>
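The usage above relies on the nonce to separate the inline script that runs from the one that is blocked. The following is an added example, not code from mvccore/ext-tool-csp: a stand-alone check that parses a policy header and lists the inline scripts in a page that the policy would block. The function names, the sample header and the nonce value are assumptions constructed for illustration, hash sources are not evaluated, and the PHP DOM extension is required.

```php
<?php
// Added example, not part of mvccore/ext-tool-csp; function names are hypothetical.

/** Split a CSP header into array(directive => array(source, ...)). */
function parse_csp($header) {
    $value = preg_replace('~^Content-Security-Policy:\s*~i', '', trim($header));
    $policy = array();
    foreach (explode(';', $value) as $part) {
        $tokens = preg_split('~\s+~', trim($part), -1, PREG_SPLIT_NO_EMPTY);
        if (!$tokens) continue;
        $name = strtolower(array_shift($tokens));
        // Browsers honour only the first occurrence of a directive.
        if (!isset($policy[$name])) $policy[$name] = $tokens;
    }
    return $policy;
}

/** Return the bodies of inline <script> elements the policy would block. */
function blocked_inline_scripts($header, $html) {
    $policy = parse_csp($header);
    $sources = null;
    foreach (array('script-src-elem', 'script-src', 'default-src') as $name) {
        if (isset($policy[$name])) { $sources = $policy[$name]; break; }
    }
    if ($sources === null) return array(); // scripts are unrestricted
    $nonces = array();
    foreach ($sources as $s) {
        if (preg_match('~^\'nonce-([A-Za-z0-9+/_=-]+)\'$~', $s, $m)) $nonces[] = $m[1];
    }
    // 'unsafe-inline' is ignored once the source list carries a nonce.
    $unsafeInline = !$nonces && in_array("'unsafe-inline'", array_map('strtolower', $sources), true);
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $blocked = array();
    foreach ($doc->getElementsByTagName('script') as $script) {
        if ($script->hasAttribute('src')) continue; // external: host sources apply
        if (!$unsafeInline && !in_array($script->getAttribute('nonce'), $nonces, true)) {
            $blocked[] = trim($script->textContent);
        }
    }
    return $blocked;
}

// Constructed sample (nonce and header text are made up, not library output).
$header = "Content-Security-Policy: default-src 'none'; object-src 'none'; "
        . "script-src 'self' https://cdnjs.com/ 'nonce-c2FtcGxlTm9uY2U='";
$html = '<script nonce="c2FtcGxlTm9uY2U=">document.write("Safe");</script>'
      . '<script>document.write("Dangerous");</script>';
print_r(blocked_inline_scripts($header, $html));
```

Run against a captured response, a non-empty result means either an inline script is missing its nonce attribute or the page was served with a nonce that differs from the one in the header, which happens when a cached page is paired with a freshly generated header.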