feat: Add nelmio/security-bundle
This commit adds the nelmio/security-bundle to the composer.json file. The bundle provides extra security-related features for Symfony, such as signed/encrypted cookies, HTTPS/SSL/HSTS handling, and cookie session storage.
This commit is contained in:
parent
06c6f0a659
commit
449af1be8e
@ -15,6 +15,7 @@
|
||||
"doctrine/doctrine-migrations-bundle": "^3.2",
|
||||
"doctrine/orm": "^2.15",
|
||||
"guzzlehttp/guzzle": "^7.7",
|
||||
"nelmio/security-bundle": "^3.0",
|
||||
"phpseclib/phpseclib": "^3.0",
|
||||
"scienta/doctrine-json-functions": "^5.3",
|
||||
"symfony/console": "^6.3",
|
||||
|
214
composer.lock
generated
214
composer.lock
generated
@ -4,8 +4,84 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "9561d8eb11d0593a60c3f4e664bb727f",
|
||||
"content-hash": "dae2b5d4b529b83d11b206b565bec8a6",
|
||||
"packages": [
|
||||
{
|
||||
"name": "composer/ca-bundle",
|
||||
"version": "1.3.6",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/composer/ca-bundle.git",
|
||||
"reference": "90d087e988ff194065333d16bc5cf649872d9cdb"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/90d087e988ff194065333d16bc5cf649872d9cdb",
|
||||
"reference": "90d087e988ff194065333d16bc5cf649872d9cdb",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-openssl": "*",
|
||||
"ext-pcre": "*",
|
||||
"php": "^5.3.2 || ^7.0 || ^8.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^0.12.55",
|
||||
"psr/log": "^1.0",
|
||||
"symfony/phpunit-bridge": "^4.2 || ^5",
|
||||
"symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0 || ^6.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-main": "1.x-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Composer\\CaBundle\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Jordi Boggiano",
|
||||
"email": "j.boggiano@seld.be",
|
||||
"homepage": "http://seld.be"
|
||||
}
|
||||
],
|
||||
"description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
|
||||
"keywords": [
|
||||
"cabundle",
|
||||
"cacert",
|
||||
"certificate",
|
||||
"ssl",
|
||||
"tls"
|
||||
],
|
||||
"support": {
|
||||
"irc": "irc://irc.freenode.org/composer",
|
||||
"issues": "https://github.com/composer/ca-bundle/issues",
|
||||
"source": "https://github.com/composer/ca-bundle/tree/1.3.6"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://packagist.com",
|
||||
"type": "custom"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/composer",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/composer/composer",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2023-06-06T12:02:59+00:00"
|
||||
},
|
||||
{
|
||||
"name": "doctrine/cache",
|
||||
"version": "2.2.0",
|
||||
@ -1856,6 +1932,79 @@
|
||||
],
|
||||
"time": "2023-05-14T12:05:38+00:00"
|
||||
},
|
||||
{
|
||||
"name": "nelmio/security-bundle",
|
||||
"version": "v3.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nelmio/NelmioSecurityBundle.git",
|
||||
"reference": "34699d40d81b58b6bd256e34489c799620dff2a4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nelmio/NelmioSecurityBundle/zipball/34699d40d81b58b6bd256e34489c799620dff2a4",
|
||||
"reference": "34699d40d81b58b6bd256e34489c799620dff2a4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.4 || ^8.0",
|
||||
"symfony/framework-bundle": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/http-kernel": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/security-core": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/security-csrf": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/security-http": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/yaml": "^4.4 || ^5.4 || ^6.0",
|
||||
"ua-parser/uap-php": "^3.4.4"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^1.4",
|
||||
"phpstan/phpstan-deprecation-rules": "^1.0",
|
||||
"phpstan/phpstan-phpunit": "^1.0",
|
||||
"phpstan/phpstan-strict-rules": "^1.1",
|
||||
"phpstan/phpstan-symfony": "^1.1",
|
||||
"phpunit/phpunit": "^9.5",
|
||||
"psr/cache": "^1.0 || ^2.0 || ^3.0",
|
||||
"symfony/browser-kit": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/cache": "^4.4 || ^5.4 || ^6.0",
|
||||
"symfony/phpunit-bridge": "^6.0",
|
||||
"symfony/twig-bundle": "^4.4 || ^5.4 || ^6.0",
|
||||
"twig/twig": "^2.10 || ^3.0"
|
||||
},
|
||||
"type": "symfony-bundle",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.x-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Nelmio\\SecurityBundle\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Nelmio",
|
||||
"homepage": "http://nelm.io"
|
||||
},
|
||||
{
|
||||
"name": "Symfony Community",
|
||||
"homepage": "https://github.com/nelmio/NelmioSecurityBundle/contributors"
|
||||
}
|
||||
],
|
||||
"description": "Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...",
|
||||
"keywords": [
|
||||
"security"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/nelmio/NelmioSecurityBundle/issues",
|
||||
"source": "https://github.com/nelmio/NelmioSecurityBundle/tree/v3.0.0"
|
||||
},
|
||||
"time": "2022-03-17T07:30:15+00:00"
|
||||
},
|
||||
{
|
||||
"name": "paragonie/constant_time_encoding",
|
||||
"version": "v2.6.3",
|
||||
@ -6761,6 +6910,69 @@
|
||||
}
|
||||
],
|
||||
"time": "2023-06-08T12:52:13+00:00"
|
||||
},
|
||||
{
|
||||
"name": "ua-parser/uap-php",
|
||||
"version": "v3.9.14",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/ua-parser/uap-php.git",
|
||||
"reference": "b796c5ea5df588e65aeb4e2c6cce3811dec4fed6"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/ua-parser/uap-php/zipball/b796c5ea5df588e65aeb4e2c6cce3811dec4fed6",
|
||||
"reference": "b796c5ea5df588e65aeb4e2c6cce3811dec4fed6",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"composer/ca-bundle": "^1.1",
|
||||
"php": "^7.2 || ^8.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^0.12.33",
|
||||
"phpunit/phpunit": "^8 || ^9",
|
||||
"symfony/console": "^3.4 || ^4.2 || ^4.3 || ^5.0",
|
||||
"symfony/filesystem": "^3.4 || ^4.2 || ^4.3 || ^5.0",
|
||||
"symfony/finder": "^3.4 || ^4.2 || ^4.3 || ^5.0",
|
||||
"symfony/yaml": "^3.4 || ^4.2 || ^4.3 || ^5.0",
|
||||
"vimeo/psalm": "^3.12"
|
||||
},
|
||||
"suggest": {
|
||||
"symfony/console": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0",
|
||||
"symfony/filesystem": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0",
|
||||
"symfony/finder": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0",
|
||||
"symfony/yaml": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0"
|
||||
},
|
||||
"bin": [
|
||||
"bin/uaparser"
|
||||
],
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"UAParser\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Dave Olsen",
|
||||
"email": "dmolsen@gmail.com"
|
||||
},
|
||||
{
|
||||
"name": "Lars Strojny",
|
||||
"email": "lars@strojny.net"
|
||||
}
|
||||
],
|
||||
"description": "A multi-language port of Browserscope's user agent parser.",
|
||||
"support": {
|
||||
"issues": "https://github.com/ua-parser/uap-php/issues",
|
||||
"source": "https://github.com/ua-parser/uap-php/tree/v3.9.14"
|
||||
},
|
||||
"time": "2020-10-02T23:36:20+00:00"
|
||||
}
|
||||
],
|
||||
"packages-dev": [
|
||||
|
@ -11,4 +11,5 @@ return [
|
||||
Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
|
||||
Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
|
||||
Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
|
||||
Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true],
|
||||
];
|
||||
|
64
config/packages/nelmio_security.yaml
Normal file
64
config/packages/nelmio_security.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
nelmio_security:
|
||||
# prevents framing of the entire site
|
||||
clickjacking:
|
||||
paths:
|
||||
'^/.*': DENY
|
||||
|
||||
# disables content type sniffing for script resources
|
||||
content_type:
|
||||
nosniff: true
|
||||
|
||||
# forces Microsoft's XSS-Protection with
|
||||
# its block mode
|
||||
xss_protection:
|
||||
enabled: true
|
||||
mode_block: true
|
||||
|
||||
# Send a full URL in the `Referer` header when performing a same-origin request,
|
||||
# only send the origin of the document to secure destination (HTTPS->HTTPS),
|
||||
# and send no header to a less secure destination (HTTPS->HTTP).
|
||||
# If `strict-origin-when-cross-origin` is not supported, use `no-referrer` policy,
|
||||
# no referrer information is sent along with requests.
|
||||
referrer_policy:
|
||||
enabled: true
|
||||
policies:
|
||||
- 'no-referrer'
|
||||
- 'strict-origin-when-cross-origin'
|
||||
csp:
|
||||
enabled: true
|
||||
report_logger_service: logger
|
||||
hosts: []
|
||||
content_types: []
|
||||
enforce:
|
||||
# see full description below
|
||||
level1_fallback: true
|
||||
# only send directives supported by the browser, defaults to false
|
||||
# this is a port of https://github.com/twitter/secureheaders/blob/83a564a235c8be1a8a3901373dbc769da32f6ed7/lib/secure_headers/headers/policy_management.rb#L97
|
||||
browser_adaptive:
|
||||
enabled: false
|
||||
report-uri: '%router.request_context.base_url%/nelmio/csp/report'
|
||||
default-src:
|
||||
- 'none'
|
||||
script-src:
|
||||
- 'self'
|
||||
font-src:
|
||||
- 'self'
|
||||
style-src:
|
||||
- 'self'
|
||||
img-src:
|
||||
- 'self'
|
||||
- 'data:'
|
||||
connect-src:
|
||||
- 'self'
|
||||
block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport
|
||||
# upgrade-insecure-requests: true # defaults to false, upgrades HTTP requests to HTTPS transport
|
||||
report:
|
||||
# see full description below
|
||||
level1_fallback: true
|
||||
# only send directives supported by the browser, defaults to false
|
||||
# this is a port of https://github.com/twitter/secureheaders/blob/83a564a235c8be1a8a3901373dbc769da32f6ed7/lib/secure_headers/headers/policy_management.rb#L97
|
||||
browser_adaptive:
|
||||
enabled: true
|
||||
report-uri: '%router.request_context.base_url%/nelmio/csp/report'
|
||||
script-src:
|
||||
- 'self'
|
@ -8,9 +8,6 @@ parameters:
|
||||
en: 'English'
|
||||
nl: 'Nederlands'
|
||||
leet: 'L33tsp34k'
|
||||
security:
|
||||
csp_policy: "default-src 'none'; font-src 'self' data:; style-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; require-trusted-types-for 'script'; frame-ancestors 'none'; base-uri 'none'"
|
||||
referer_policy: "same-origin"
|
||||
|
||||
services:
|
||||
# default configuration for services in *this* file
|
||||
|
@ -1,35 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\EventSubscriber;
|
||||
|
||||
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\HttpKernel\Event\ResponseEvent;
|
||||
use Symfony\Component\HttpKernel\KernelEvents;
|
||||
|
||||
class SecurityHeadersSubscriber implements EventSubscriberInterface
|
||||
{
|
||||
private $params;
|
||||
|
||||
public function __construct(ContainerBagInterface $params)
|
||||
{
|
||||
$this->params = $params;
|
||||
}
|
||||
|
||||
public function onResponse(ResponseEvent $event)
|
||||
{
|
||||
$response = $event->getResponse();
|
||||
$securitypolicy = $this->params->get('security');
|
||||
$csp = $securitypolicy['csp_policy'];
|
||||
$referer = $securitypolicy['referer_policy'];
|
||||
$response->headers->set("Content-Security-Policy", $csp);
|
||||
$response->headers->set("Referrer-Policy", $referer);
|
||||
}
|
||||
|
||||
public static function getSubscribedEvents()
|
||||
{
|
||||
return [
|
||||
KernelEvents::RESPONSE => 'onResponse'
|
||||
];
|
||||
}
|
||||
}
|
12
symfony.lock
12
symfony.lock
@ -95,6 +95,18 @@
|
||||
"monolog/monolog": {
|
||||
"version": "2.5.0"
|
||||
},
|
||||
"nelmio/security-bundle": {
|
||||
"version": "3.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "2.4",
|
||||
"ref": "65726efb67ff51d89de38195bc0d230fa811f64d"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/nelmio_security.yaml"
|
||||
]
|
||||
},
|
||||
"nikic/php-parser": {
|
||||
"version": "v4.13.2"
|
||||
},
|
||||
|
Loading…
Reference in New Issue
Block a user