Commit 43b21e1

Update README.md
1 parent 9e2dad8 commit 43b21e1

1 file changed

+60
-2
lines changed

README.md

Lines changed: 60 additions & 2 deletions
@@ -1,2 +1,60 @@
1-
# laravel4-header-csp
2-
Provides support for enforcing Content Security Policy with headers in Laravel 4 responses.
1+
# Response header Content Security Policy for Laravel 4
2+
Provides support for enforcing Content Security Policy and XSS Protection with headers in Laravel 4 responses.
3+
4+
*Note*: Based on [Content Security Policy](http://content-security-policy.com/), [Improving Web Security with the Content Security Policy](http://www.sitepoint.com/improving-web-security-with-the-content-security-policy/), [HTTP headers](https://www.owasp.org/index.php/List_of_useful_HTTP_headers).
5+
6+
## Key Features
7+
8+
1. Add rules for Content Security Policy (content-security-policy, x-content-security-policy, x-webkit-csp)
9+
2. Save reports of policy failures to ```storage/logs/content-security-policy-report``` folder if needed
10+
3. Add additional header like: ```x-xss-protection, x-frame-options, x-content-type-options```
11+
12+
## Installation
13+
14+
Require this package with composer:
15+
16+
```
17+
composer require paramonovav/laravel4-header-csp
18+
```
19+
20+
After updating composer, add the ServiceProvider to the providers array in app/config/app.php
21+
22+
```
23+
'Paramonovav\Laravel4HeaderCsp\Laravel4HeaderCspServiceProvider',
24+
```
25+
26+
You need to publish the config from this package.
27+
28+
```
29+
php artisan config:publish paramonovav/laravel4-header-csp
30+
```
31+
## Usage
32+
33+
### Apply content security policy to routes
34+
35+
The following will apply all default profiles to the ```login``` route.
36+
37+
```
38+
Route::get('login', array('after'=>'response.secure'), function()
39+
{
40+
return 'Hello, on login page !';
41+
}));
42+
```
43+
44+
The following will apply all default profiles and a specific ```google``` profile to the ```login``` route.
45+
46+
```
47+
Route::get('login', array('after'=>'response.secure:google'), function()
48+
{
49+
return 'Hello, on login page !';
50+
}));
51+
```
52+
53+
You can include any number of specific profiles. The following will apply default, google, flickr, and my_custom profiles to the ```login``` route.
54+
55+
```
56+
Route::get('login', array('after'=>'response.secure:google-flickr-my_custom'), function()
57+
{
58+
return 'Hello, on login page !';
59+
}));
60+
```
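
Review bot: The three route examples under Usage (added lines 38-41, 47-50 and 56-59) will not parse, because the filter array is closed before the closure and the final `}));` then has one `)` too many. In Laravel 4 the closure is the last element of the array, so the opening line should read `Route::get('login', array('after' => 'response.secure', function()` with the existing `}));` closing both the array and the call. Two documentation gaps in the same hunk: the Usage text refers to "default profiles" and to `google`, `flickr` and `my_custom` without saying where profiles are defined (the published config is the likely place, but the README should name the file and key), and Key Features item 2 says reports are saved to `storage/logs/content-security-policy-report` "if needed" without naming the setting that turns this on. Since item 1 lists `x-content-security-policy` and `x-webkit-csp` alongside `content-security-policy`, a sentence on which of the three headers are sent by default would help readers decide what to keep.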
