/silverstripe-security-headers

Silverstripe vendor module for configuring security headers and seeing reported CSP violations.

Primary LanguagePHPBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Build Status Scrutinizer Code Quality

SilverStripe security headers

Inspired by Guttmann/silverstripe-security-headers.

SilverStripe module for easily adding a selection of useful HTTP headers.

Additionally provides a report of Content Security Policy violations.

Comes with a default set of headers configured, but can be used to add any headers you wish (as well as overriding or removing the default headers).

Install

For SilverStripe 3, see the appropriate branch

Install via composer:

composer require signify-nz/silverstripe-security-headers

Usage

For information on how to setup and use this module, please refer to the documentation.

Contributing

If you would like to contribute either via code fixes, enhancements, or localisations, please see the contributing guidelines.

CSS/JS Development

Setup

For development you will need Node.js and yarn installed.

Next, you need to install the required npm packages.

yarn install

Compiling assets

You can compile assets using yarn watch.

Produce minified (production) files using yarn package.

Linting

Check over your JavaScript and SASS source code individually:

yarn lint-js
yarn lint-sass

You can also lint both in a single command:

yarn lint