A Symfony bundle providing web security features in the form of COOP, COEP, Fetch Metadata and Trusted types

GoogleChromeLabs/IseWebSecurityBundle

🔐 IseWebSecurityBundle

A Symfony bundle that implements best practice for security features, including:

  • Content Security Policy (CSP)
  • Cross Origin Opener Policy / Cross Origin Embedder Policy (COOP/COEP)
  • Fetch metadata headers
  • Trusted Types

🖥️ Usage

Install the package from Packagist:

composer require googlechromelabs/ise-web-security-bundle

There is no Symfony Flex recipe to do this automatically, so in your project's /config/packages folder, create ise_web_security.yaml and populate it with the YAML config detailed below.

Config

More Config details can be found here

The config within your Symfony project will control how the bundle works in your Application. Below, you will find an example config for the current state of the project that will activate the majority of the features. The ise_web_security.yaml.dist is also an example of this file.

ise_web_security.yaml

ise_web_security:
    defaults: 
        preset: 'full'
    paths:
        '^/public':
            coop:
                active: false
            coep:
                active: false
            fetch_metadata:
                active: false
        '^/admin':
            fetch_metadata:
                allowed_endpoints: ['/images']
            trusted_types:
                active: true
                polices: ['foo', 'bar']
                require_for: ['script', 'style']

Wiki

This Repo has a wiki! Check it out here

🤝 Contributing

Issues and pull requests are always welcome. For details, see docs/contributing.md

This is not an officially supported Google product.