Middleware to add the Content-Security-Policy header to the response

Package info

github.com/middlewares/csp

pkg:composer/middlewares/csp

Statistics

Installs: 23 899

Dependents: 0

Suggesters: 0

Stars: 15

Open Issues: 0

v3.2.0 2025-03-23 10:41 UTC

Requires

Suggests

Provides

None

Conflicts

None

Replaces

None

MIT 5a7b16cb821d925a77faf1402167bac84ac94d5e

httpsecuritymiddlewarecsppsr-7content-security-policypsr-15

This package is auto-updated.

Last update: 2026-06-26 17:31:08 UTC

README

👁 Latest Version on Packagist
👁 Software License
👁 Testing
👁 Total Downloads

Middleware to add the Content-Security-Policy header to the response using paragonie/csp-builder library.

Requirements

Installation

This package is installable and autoloadable via Composer as middlewares/csp.

composer require middlewares/csp

Example

use ParagonIE\CSPBuilder\CSPBuilder;

$csp = CSPBuilder::fromFile('/path/to/source.json');

Dispatcher::run([
 new Middlewares\Csp($csp)
]);

Usage

Set the CSP builder to the constructor. See paragonie/csp-builder for more info. If it's not provided, create a generic one with restrictive directives.

legacy

To generate legacy CSP headers for old browsers (X-Content-Security-Policy and X-Webkit-CSP). By default is true but you can disabled it:

$middleware = (new Middlewares\Csp($csp))->legacy(false);

Helpers

createFromFile

Shortcut to create instances using a json file:

Dispatcher::run([
 Middlewares\Csp::createFromFile(__DIR__.'/csp-config.json')
]);

createFromData

Shortcut to create instances using an array with data:

Dispatcher::run([
 Middlewares\Csp::createFromData([
 'script-src' => ['self' => true],
 'object-src' => ['self' => true],
 'frame-ancestors' => ['self' => true],
 ])
]);

Please see CHANGELOG for more information about recent changes and CONTRIBUTING for contributing details.

The MIT License (MIT). Please see LICENSE for more information.