laravel-csp - Set content security policy headers in a Laravel app


By default, all scripts on a webpage are allowed to send data to and fetch data from any site they want. This can be a security problem. Imagine one of your JavaScript dependencies sends all keystrokes, including passwords, to a third-party website. It's very easy for someone to hide this malicious behaviour, making it nearly impossible for you to detect it (unless you manually read all the JavaScript code on your site). For a better idea of why you really need to set content security policy headers, read this excellent blog post by David Gilbertson.

https://murze.be/using-content-security-policy-headers-in-a-laravel-app
https://github.com/spatie/laravel-csp





Related Projects

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  •    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

laravel-image-optimizer - Optimize images in your Laravel app

  •    PHP

This package is the Laravel 5.4 and up specific integration of spatie/image-optimizer. It can optimize PNGs, JPGs, SVGs and GIFs by running them through a chain of various image optimization tools. The package will automatically detect which optimization binaries are installed on your system and use them. The package also contains a middleware to automatically optimize all images in a request.

laravel-activitylog - Log activity inside your Laravel app

  •    PHP

The spatie/laravel-activitylog package provides easy to use functions to log the activities of the users of your app. It can also automatically log model events. The package stores all activity in the activity_log table. You can retrieve all activity using the Spatie\Activitylog\Models\Activity model.

PermissionManager - Admin interface for managing users, roles, permissions, using Backpack CRUD

  •    PHP

This package is just a user interface for spatie/laravel-permission. It will install it, and let you use its API in code. Please refer to their README for more information on how to use in code. Please subscribe to the Backpack Newsletter so you can find out about any security updates, breaking changes or major features. We send an email every 1-2 months.

laravel-mix-purgecss - Zero-config Purgecss for Laravel Mix

  •    Javascript

The Purgecss config is inspired by Jonathan Reinink's config for Tailwind CSS. Before you get started, make sure you're using laravel-mix version 2.1 or higher.


laravel-fractal - An easy to use Fractal wrapper built for Laravel and Lumen applications

  •    PHP

The package provides a nice and easy wrapper around Fractal for use in your Laravel applications. If you don't know what Fractal does, take a peek at their intro. Shortly said, Fractal is very useful to transform data before using it in an API. Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

laravel-webhook-server - Send webhooks from Laravel apps

  •    PHP

A webhook is a way for an app to provide information to another app about a particular event. The way the two apps communicate is with a simple HTTP request. This package allows you to configure and send webhooks in a Laravel app easily. It has support for signing calls, retrying calls and backoff strategies.

menu - Html menu generator

  •    PHP

The spatie/menu package provides a fluent interface to build menus of any size in your php application. If you're building your app with Laravel, the spatie/laravel-menu provides some extra treats. Documentation is available at https://docs.spatie.be/menu.

laravel-webhook-client - Receive webhooks in Laravel apps

  •    PHP

A webhook is a way for an app to provide information to another app about a specific event. The way the two apps communicate is with a simple HTTP request. This package allows you to receive webhooks in a Laravel app. It has support for verifying signed calls, storing payloads and processing the payloads in a queued job.

vue-api-query - 💎 Elegant and simple way to build requests for REST API

  •    Javascript

This package helps you quickly build requests for REST API. Move your logic and backend requests to dedicated classes. Keep your code clean and elegant. 🔥 If you use Laravel, this package matches perfectly with spatie/laravel-query-builder.

laravel-newsletter - Manage newsletters in Laravel

  •    PHP

Please note that at the time of this writing the default merge variables in MailChimp are named FNAME and LNAME. In our examples we use firstName and lastName for extra readability. Make sure you rename those merge variables at MailChimp in order to make these examples work. Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

laravel-paginateroute - Laravel router extension to easily use Laravel's paginator without the query string

  •    PHP

This package adds the paginate route method to support pagination via custom routes instead of query strings. This also allows for easily translatable pagination routes, e.g. /news/page/2, /nieuws/pagina/2. Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

laravel-collection-macros - A set of useful Laravel collection macros

  •    PHP

This repository contains some useful collection macros. Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

secure_headers - Manages application of security headers with many safe defaults

  •    Ruby

The main branch represents the 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. It can also mark all http cookies with the Secure, HttpOnly and SameSite attributes. This is on by default but can be turned off by using config.cookies = SecureHeaders::OPT_OUT.

laravel-responsecache - Speed up a Laravel app by caching the entire response

  •    PHP

This Laravel 5.5 package can cache an entire response. By default it will cache all successful get-requests for a week. This could potentially speed up the response quite considerably. So the first time a request comes in the package will save the response before sending it to the users. When the same request comes in again we're not going through the entire application but just respond with the saved response.

CSP in F#

A small and simple CSP (Constraint Satisfaction Problem) solver library in F#.

captcha - Captcha for Laravel 5

  •    PHP

A simple Laravel 5 service provider for including the Captcha for Laravel 5. The Captcha Service Provider can be installed via Composer by requiring the mews/captcha package and setting the minimum-stability to dev (required for Laravel 5) in your project's composer.json.

laravel-tail - An artisan command to tail your application logs

  •    PHP

This package offers an Artisan command to tail the application log. It supports daily and single logs on your local machine. Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

form-backend-validation - An easy way to validate forms using back end logic

  •    Javascript

Wouldn't it be great if you could just use your back end to validate forms on the front end? This package provides a Form class that does exactly that. It can post itself to a configured endpoint and manage errors. The class is meant to be used with a Laravel back end. Take a look at the usage section to view a detailed example on how to use it.
