A Laravel package that simplifies setting Content Security Policy headers to enhance web application security.
Set content security policy headers in a Laravel app
Laravel developers use this package to configure and enforce Content Security Policy (CSP) headers in their web applications, preventing malicious scripts from sending data to, or fetching data from, unauthorized sites. It helps mitigate risks such as data exfiltration by restricting which external domains scripts can interact with. Security-conscious developers and teams aiming to harden their Laravel apps against cross-site scripting and related attacks would benefit from this package.
Users should familiarize themselves with Content Security Policy concepts and directives before configuring this package, as improper CSP settings can break site functionality. It is recommended to use report-only mode initially to test policies without blocking content. Refer to Mozilla's CSP documentation and related resources for best practices.
Run `composer require spatie/laravel-csp` to install the package
Publish the config file using `php artisan vendor:publish --tag=csp-config`
Configure CSP presets and directives in `config/csp.php`
`composer require spatie/laravel-csp`: Installs the laravel-csp package via Composer.
`php artisan vendor:publish --tag=csp-config`: Publishes the package configuration file to the Laravel config directory.