From 97015e44674f7835c1dd6edd4f4652087512c698 Mon Sep 17 00:00:00 2001
From: Maarten Bruna <14947039+ictbeheer@users.noreply.github.com>
Date: Tue, 8 Jul 2025 15:43:21 +0200
Subject: [PATCH] (feat): add CSP headers
---
 composer.json | 3 +-
 composer.lock | 151 ++++++++++++++++++++++++++++++++++++++++++--
 src/Http/Kernel.php | 18 ++++++
 src/helpers.php | 5 ++
 4 files changed, 172 insertions(+), 5 deletions(-)
 create mode 100644 src/Http/Kernel.php
diff --git a/composer.json b/composer.json
index 938e39b..4922a5c 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,8 @@
 "require": {
 "php": ">=8.1",
 "roots/acorn": "^4.3",
- "sentry/sentry-laravel": "^4.4"
+ "sentry/sentry-laravel": "^4.4",
+ "spatie/laravel-csp": "^2.10"
 },
 "require-dev": {
 "larastan/larastan": "^2.9",
diff --git a/composer.lock b/composer.lock
index 478c03d..f2a5346 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "92c129d8ae7f1c917229f95433fe584b", + "content-hash": "6df63d811f753861c778ecad443256b6", "packages": [ { "name": "brick/math", 
@@ -3361,6 +3361,149 @@ ], "time": "2025-06-24T12:39:03+00:00" }, + { + "name": "spatie/laravel-csp", + "version": "2.10.3", + "source": { + "type": "git", + "url": "https://github.com/spatie/laravel-csp.git", + "reference": "15e40c28d46076b3d5a4268b63040b3900cc05d3" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-csp/zipball/15e40c28d46076b3d5a4268b63040b3900cc05d3", + "reference": "15e40c28d46076b3d5a4268b63040b3900cc05d3", + "shasum": "" + }, + "require": { + "illuminate/http": "^9.0|^10.0|^11.36.1|^12", + "illuminate/support": "^9.0|^10.0|^11.36.1|^12", + "php": "^8.1", + "spatie/laravel-package-tools": "^1.17" + }, + "require-dev": { + "mockery/mockery": "^1.6.12", + "orchestra/testbench": "^7.0|^8.0|^9.9|^10", + "pestphp/pest": "^1.23.0|^2.36.0|^3", + "roave/security-advisories": "dev-master" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Spatie\\Csp\\CspServiceProvider" + ] + } + }, + "autoload": { + "files": [ + "src/helpers.php" + ], + "psr-4": { + "Spatie\\Csp\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Thomas Verhelst", + "email": "tvke91@gmail.com", + "homepage": "https://spatie.be", + "role": "Developer" + }, + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "homepage": "https://spatie.be", + "role": "Developer" + } + ], + "description": "Add CSP headers to the responses of a Laravel app", + "homepage": "https://github.com/spatie/laravel-csp", + "keywords": [ + "content-security-policy", + "csp", + "headers", + "laravel", + "laravel-csp", + "security", + "spatie" + ], + "support": { + "source": "https://github.com/spatie/laravel-csp/tree/2.10.3" + }, + "funding": [ + { + "url": "https://spatie.be/open-source/support-us", + "type": "custom" + } + ], + "time": "2025-02-14T13:23:32+00:00" + }, + { + "name": "spatie/laravel-package-tools", + "version": "1.92.4", + "source": { + 
"type": "git", + "url": "https://github.com/spatie/laravel-package-tools.git", + "reference": "d20b1969f836d210459b78683d85c9cd5c5f508c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-package-tools/zipball/d20b1969f836d210459b78683d85c9cd5c5f508c", + "reference": "d20b1969f836d210459b78683d85c9cd5c5f508c", + "shasum": "" + }, + "require": { + "illuminate/contracts": "^9.28|^10.0|^11.0|^12.0", + "php": "^8.0" + }, + "require-dev": { + "mockery/mockery": "^1.5", + "orchestra/testbench": "^7.7|^8.0|^9.0|^10.0", + "pestphp/pest": "^1.23|^2.1|^3.1", + "phpunit/php-code-coverage": "^9.0|^10.0|^11.0", + "phpunit/phpunit": "^9.5.24|^10.5|^11.5", + "spatie/pest-plugin-test-time": "^1.1|^2.2" + }, + "type": "library", + "autoload": { + "psr-4": { + "Spatie\\LaravelPackageTools\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "role": "Developer" + } + ], + "description": "Tools for creating Laravel packages", + "homepage": "https://github.com/spatie/laravel-package-tools", + "keywords": [ + "laravel-package-tools", + "spatie" + ], + "support": { + "issues": "https://github.com/spatie/laravel-package-tools/issues", + "source": "https://github.com/spatie/laravel-package-tools/tree/1.92.4" + }, + "funding": [ + { + "url": "https://github.com/spatie", + "type": "github" + } + ], + "time": "2025-04-11T15:27:14+00:00" + }, { "name": "symfony/console", "version": "v6.4.23", @@ -10272,15 +10415,15 @@ ], "aliases": [], "minimum-stability": "stable", - "stability-flags": [], + "stability-flags": {}, "prefer-stable": false, "prefer-lowest": false, "platform": { "php": ">=8.1" }, - "platform-dev": [], + "platform-dev": {}, "platform-overrides": { "php": "8.1" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.6.0" } 
diff --git a/src/Http/Kernel.php b/src/Http/Kernel.php
new file mode 100644
index 0000000..aaafbeb
--- /dev/null
+++ b/src/Http/Kernel.php
@@ -0,0 +1,18 @@
+middleware[] = \Spatie\Csp\AddCspHeaders::class;
+ }
+}
diff --git a/src/helpers.php b/src/helpers.php
index ec71471..a8689fb 100644
--- a/src/helpers.php
+++ b/src/helpers.php
@@ -20,6 +20,11 @@ function bootloader(): Bootloader
 \Yard\Nutshell\Console\Kernel::class
 );
 
+ $bootloader->getApplication()->bind(
+ \Roots\Acorn\Http\Kernel::class,
+ \Yard\Nutshell\Http\Kernel::class
+ );
+
 $bootloader->getApplication()->bind(
 \Roots\Acorn\Exceptions\Handler::class,
 \Yard\Nutshell\Exceptions\Handler::class
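Review bot: No CSP policy is configured anywhere in this commit, yet `\Spatie\Csp\AddCspHeaders::class` is appended to the global middleware list (`middleware[] = ...`), so the header that ships depends on whatever the package's `csp` config resolves to at runtime, presumably the package default. The diffstat lists only composer.json, composer.lock, this file and src/helpers.php, so that default is the only policy a reader can assume. A restrictive default on every response can block inline scripts and third-party assets, so I would start with the package's `report_only_policy` setting and say so next to the line, e.g. `// CSP on every response; policy comes from the csp config (report-only first, then enforce)`. Only the last three lines of this new file survive on the page, so the enclosing class and method are not reviewed here.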
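Review bot: The added `bind(\Roots\Acorn\Http\Kernel::class, \Yard\Nutshell\Http\Kernel::class)` fails open: if Acorn resolves its HTTP kernel under a different key, or before this binding runs, responses go out without a `Content-Security-Policy` header and nothing reports it. The call follows the same pattern as the exception-handler binding below it (and apparently the Console kernel binding above it), so the style is consistent, but a security control needs a check that it is actually active; a feature test that requests a page and asserts the header is present would catch a silent regression. At minimum add a comment above the call, e.g. `// Swap in the Nutshell HTTP kernel so AddCspHeaders runs globally; without this binding no CSP header is sent`. The body of `bootloader()` starts and ends outside the hunk.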