spaze/nonce-generator
Content Security Policy nonce generator
Requires
- php: ^8.2
- latte/latte: ^3.0
- nette/application: ^3.1
- nette/di: ^3.0
Requires (Dev)
- nette/tester: ^2.5.7
- php-parallel-lint/php-console-highlighter: ^1.0
- php-parallel-lint/php-parallel-lint: ^1.4
- phpstan/phpstan: ^2.1
- spaze/coding-standard: ^1.8
Suggests
- spaze/csp-config: Build and send Content Security Policy header, possibly including nonce, if enabled
- spaze/sri-macros: For script tags with automatically added Content Security Policy nonces, and Subresource Integrity hashes, too
Provides
None
Conflicts
None
Replaces
None
MIT d82b6aa4a455c7e78b87233181b6d54f94d41a3c
- Michal Špaček <mail.woop@michalspacek.cz>
README
This generates random nonces for Content Security Policy nonce attributes. These nonces work with CSP3 strict-dynamic, which aims to make Content Security Policy simpler to deploy for existing applications. This package is intended to be used with Nette Framework, spaze/csp-config and spaze/sri-macros.
Usage
This is a plug and play generator.
If installed, \Spaze\ContentSecurityPolicy\Config::addDirective() from spaze/csp-config will automatically add the 'nonce-...' source to the configured directives, and the Latte macros {script ...} and {stylesheet ...} from spaze/sri-macros will add the nonce="..." attribute to the tags they generate. The n:nonce shortcut will also use the same generated value.
Installation
With Composer:
composer require spaze/nonce-generator
Add the extension to your configuration:
extensions:
    nonceGenerator: Spaze\NonceGenerator\Bridges\Nette\GeneratorExtension
Requirements
- PHP 8.2 or newer
- Latte 3.0 or newer
- Nette Application 3.1 or newer
- Nette DI 3.0 or newer
API
createNonce(): Nonce
Generates and returns a Nonce object. Use Nonce::getValue() to get the generated nonce.
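The mechanism described under Usage, where one generated value ends up both in the policy header and in the tag attributes, sketched in plain PHP as an added example; this is not the package's code. ExampleNonce, ExampleNonceGenerator, buildCspHeader() and scriptTag() are hypothetical names that only mirror the createNonce()/getValue() shape, and the 16-byte length and the script path are assumptions.

```php
<?php
declare(strict_types = 1);

// Hypothetical stand-ins, not the package's classes.
final class ExampleNonce
{
    public function __construct(private readonly string $value) {}

    public function getValue(): string
    {
        return $this->value;
    }
}

final class ExampleNonceGenerator
{
    private ?ExampleNonce $nonce = null;

    // One nonce per generator instance: every caller gets the same object, so
    // the header and all tags agree. A new request builds a new generator and
    // therefore a new, unpredictable nonce.
    public function createNonce(): ExampleNonce
    {
        // 16 bytes (128 bits) from the CSPRNG; the length is an assumption.
        return $this->nonce ??= new ExampleNonce(base64_encode(random_bytes(16)));
    }
}

function buildCspHeader(ExampleNonce $nonce): string
{
    // With 'strict-dynamic', scripts loaded by a nonced script are trusted too.
    return "Content-Security-Policy: script-src 'nonce-{$nonce->getValue()}' 'strict-dynamic'";
}

function scriptTag(string $src, ExampleNonce $nonce): string
{
    return sprintf(
        '<script src="%s" nonce="%s"></script>',
        htmlspecialchars($src, ENT_QUOTES),
        htmlspecialchars($nonce->getValue(), ENT_QUOTES),
    );
}

$generator = new ExampleNonceGenerator();
$header = buildCspHeader($generator->createNonce());
$tag = scriptTag('/js/app.js', $generator->createNonce()); // constructed sample path
echo $header, "\n", $tag, "\n"; // both lines carry the same nonce value
```

A script tag injected without the matching nonce attribute is blocked by the browser under this policy, which is why the value must never be reused across responses or derived from anything predictable.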
