2017 © Pedro Peláez
 

symfony-bundle security-bundle

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

image

nelmio/security-bundle

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  • Monday, July 9, 2018
  • by Seldaek
  • Repository
  • 25 Watchers
  • 481 Stars
  • 711,862 Installations
  • PHP
  • 10 Dependents
  • 0 Suggesters
  • 47 Forks
  • 20 Open issues
  • 29 Versions
  • 11 % Grown

The README.md

NelmioSecurityBundle

About

The NelmioSecurityBundle provides additional security features for your Symfony application., (*1)

Installation

Require the nelmio/security-bundle package in your composer.json and update your dependencies:, (*2)

composer require nelmio/security-bundle

The bundle should be automatically enabled by Symfony Flex. If you don't use Flex, you'll need to enable it manually as explained [in the docs][2]., (*3)

Features

Read [the docs][2] for the details and configuration needed for each feature:, (*4)

  • Content Security Policy: Cross site scripting attacks (XSS) can be mitigated in modern browsers using a policy which instructs the browser never to execute inline scripts, or never to load content from another domain than the page's domain., (*5)

  • Signed Cookies: Specify certain cookies to be signed, so that the user cannot modify them. Note that they will not be encrypted, but signed only. The contents will still be visible to the user., (*6)

  • Clickjacking Protection: X-Frame-Options header is added to all responses to prevent your site from being put in a frame/iframe. This can have serious security implications as it has been demonstrated time and time again with Facebook and others. You can allow framing of your site from itself or from anywhere on a per-URL basis., (*7)

  • External Redirects Detection: Redirecting from your site to arbitrary URLs based on user input can be exploited to confuse users into clicking links that seemingly point to valid sites while they in fact lead to malicious content. It also may be possible to gain PageRank that way., (*8)

  • Forced HTTPS/SSL Handling: This forces all requests to go through SSL. It will also send HSTS headers so that modern browsers supporting it can make users use HTTPS even if they enter URLs without https, avoiding attacks on public Wi-Fi., (*9)

  • Flexible HTTPS/SSL Handling: If you don't want to force all users to use HTTPS, you should at least use secure session cookies and force SSL for logged-in users. But then logged-in users appear logged-out when they access a non-HTTPS resource. This is not really a good solution. This will make the application detect logged-in users and redirect them to a secure URL, without making the session cookie insecure., (*10)

  • Disable Content Type Sniffing: Require that scripts are loaded using the correct mime type. This disables the feature that some browsers have which uses content sniffing to determine if the response is a valid script file or not., (*11)

  • (DEPRECATED) XSS Protection: Enables/Disables Microsoft XSS Protection on compatible browsers (IE 8 and newer)., (*12)

  • Referrer Policy: Referrer-Policy header is added to all responses to control the Referer header that is added to requests made from your site, and for navigations away from your site by browsers., (*13)

Usage

See [the documentation][2] for usage instructions., (*14)

License

Released under the MIT License, see LICENSE., (*15)

The Versions

09/07 2018

dev-master

9999999-dev

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

21/03 2018

2.5.1

2.5.1.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

26/02 2018

2.5.0

2.5.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

22/06 2017

2.4.0

2.4.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

17/03 2017

2.3.1

2.3.1.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

17/03 2017

2.3.0

2.3.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

13/02 2017

2.2.4

2.2.4.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

13/02 2017

2.2.3

2.2.3.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

07/02 2017

2.2.2

2.2.2.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

07/02 2017

2.2.1

2.2.1.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

06/02 2017

2.2.0

2.2.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

26/01 2017

2.1.0

2.1.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

19/10 2016

2.0.4

2.0.4.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

13/10 2016

2.0.3

2.0.3.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

24/08 2016

2.0.2

2.0.2.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

04/06 2016

2.0.1

2.0.1.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

17/05 2016

2.0.0

2.0.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

23/02 2016

1.10.0

1.10.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

The Development Requires

security

17/01 2016

1.9.1

1.9.1.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

04/01 2016

1.9.0

1.9.0.0

Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

12/09 2015

1.8.0

1.8.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

10/05 2015

1.7.0

1.7.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

01/02 2015

1.6.0

1.6.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

01/01 2015

1.5.0

1.5.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

13/02 2014

1.4.0

1.4.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

08/01 2014

1.3.0

1.3.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

29/07 2013

1.2.0

1.2.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

27/03 2013

1.1.0

1.1.0.0

Extra security-related features for Symfony2: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...

  Sources   Download

MIT

The Requires

 

security

08/01 2013

1.0.0

1.0.0.0

Extra security-related features for Symfony2

  Sources   Download

MIT

The Requires

 

security