Add a CSP header parser (`CSPBuilder::fromHeader`)

paragonie / csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

https://paragonie.com/projects

MIT License

544 stars 39 forks source link

Add a CSP header parser (`CSPBuilder::fromHeader`) #74

Closed fritzmg closed 1 year ago

fritzmg commented 1 year ago

This introduces an additional fromHeader factory method to the CSPBuilder with which you can parse and then modify an existing Content-Security-Policy response header.

$csp = CSPBuilder::fromHeader("script-src 'self'");
$csp->addSource('style-src', 'self');

echo $csp->compile(); // script-src 'self'; style-src 'self'

This can be useful if the CSP header is defined elsewhere in the system and you want to additionally analyse or modify said header.

paragonie-security commented 1 year ago

Thanks! This is a wonderful addition to this library.

fritzmg commented 12 months ago

Nice :). @paragonie-security will you tag this as 2.10.0?

fritzmg commented 9 months ago

@paragonie-security any chance of this getting tagged as a new release?