NelmioSecurityBundle

Adds extra security-related features in your Symfony application

Results 36 NelmioSecurityBundle issues

Symfony's default method of deleting cookies is calling $response->headers->clearCookie('cookie_name') which sets the cookie to have a value of null and an expiration in 1 second. This breaks if the cookie...

After the latest Symfony update with this pull [https://github.com/symfony/symfony/pull/46249](https://github.com/symfony/symfony/pull/46249) Symfony refreshes the session on each page view because the implemented regex filter from the pull request fails because of the...

This adds an option to allow the use of a custom request matcher, e.g. to exclude certain paths. This fixes #206 partially.

In `config/packages/dev/nelmio_security.yaml` I'm trying to override `hash` (which keeps me from using `unsafe-inline` on my dev environment where I test and have some inlined event handlers). Thus I use ```yaml...

With configuration:

```yaml
nelmio_security:
    # signs/verifies all cookies
    signed_cookie:
        names: ['symfony', 'two_factor_trusted_computer']
```

I get my system cannot login anymore for any user. Is there a requirement for this?...

Hi Nelmio Team, Based on a number of other requests for a similar feature set in #232 #206, I would like to propose the inclusion of path based configuration,...

See https://github.com/w3c/webappsec-permissions-policy and especially https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md including https://github.com/w3c/webappsec-permissions-policy/pull/420

It would be great if this bundle could support setting the new [COEP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy), [COOP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) and [CORP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy) headers in addition to the existing security headers.

Linked to issue #233

This PR extends the current CSP configuration within the Nelmio Security bundle to include the new Trusted-Types policy headers

- `trusted-types: `
- `require-trusted-types-for: `

These...

Hi Nelmio Team, I wanted to open a discussion with respect to extending the current CSP module to include support for `trusted-types` and `require-trusted-types-for` headers. Although both Symfony and the...