PHP Classes

File: examples/example9.php

Recommend this page to a friend!
  Classes of Tom Postma  >  PHP Content Security Policy generator  >  examples/example9.php  >  Download  
File: examples/example9.php
Role: Example script
Content type: text/plain
Description: require-sri-for demo.
Class: PHP Content Security Policy generator
Generate CSP headers to prevent security attacks
Author: By
Last change:
Date: 3 years ago
Size: 1,097 bytes
 

Contents

Class file image Download
<?php
require_once('../CSPGenerator.php');

CSPGenerator::getInstance()->addScriptsrc('https://cdn.jsdelivr.net');
// Set that all scripts need integrity attribute.
CSPGenerator::getInstance()->addRequireSRIfor('script');

// Set the headers, always call this method before any content output.
CSPGenerator::getInstance()->Parse();
// Start content output.
?><!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>example9 - require-sri-for</title>
    </head>
    <body>
        Open console(F12) and verify that jQuery javascript library is loaded.<br />

        <script type="application/javascript" src="https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js"
 integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="></script>
 
        But qunit javascript library could be blocked on modern webbrowsers due to missing integrity attribute.<br />
        <small>(Firefox 49-60 requires in about:config to set security.csp.experimentalEnabled to true.)</small><br />

        <script type="application/javascript" src="https://cdn.jsdelivr.net/npm/qunit@2.6.1/qunit/qunit.js"></script>

    </body>
</html>

For more information send a message to info at phpclasses dot org.