PHP Classes

File: examples/example8.php

Recommend this page to a friend!
  Classes of Tom Postma  >  PHP Content Security Policy generator  >  examples/example8.php  >  Download  
File: examples/example8.php
Role: Example script
Content type: text/plain
Description: Example: how to add the upgrade-insecure-requests directive (for easy https ready)
Class: PHP Content Security Policy generator
Generate CSP headers to prevent security attacks
Author: By
Last change:
Date: 5 years ago
Size: 1,266 bytes
 

Contents

Class file image Download
<?php
require_once('../CSPGenerator.php');
// Automatically rewrite http:// url's to https:// url's when using https(HTTP over TLS/SSL).
CSPGenerator::getInstance()->setUpgradeInsecureRequests(true);
CSPGenerator::getInstance()->addImagesrc('upload.wikimedia.org');

// Set the headers, always call this method before any content output.
CSPGenerator::getInstance()->Parse();
// Start content output.
?><!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>example8 - Upgrade-insecure-requests</title>
    </head>
    <body>
<?php
$ishttps
= false;
if (isset(
$_SERVER['HTTPS'])) {
    if (
$_SERVER['HTTPS'] == 'on') {
       
$ishttps = true;
    }
}

if (
$ishttps) { ?>
Image source url starts with http:// protocol handler but it's rewriten to the https:// protocol handler to load the image with https because of the <code>upgrade-insecure-requests</code> directive in the Content Security Policy header.<br />
        <img src="http://upload.wikimedia.org/wikipedia/commons/thumb/d/da/Internet2.jpg/320px-Internet2.jpg" alt="Image with http url will be loaded as https url.">
<?php } else { ?>
<b>To test the Content Security Policy <code>Upgrade-insecure-requests</code> directive it's required to visit this page over https.</b>
<?php } ?>
</body>
</html>

For more information send a message to info at phpclasses dot org.