I'm working on a PHP class to help configure security headers like CSP; it'll also (configurably) automatically inject flags into cookies with certain substrings in their name (like auth, sess) to try and better protect session data (upcoming version will enable use of SameSite – an attribute that isn't supported in PHP's setcookie yet). There's a bunch of other stuff too, just to highlight the most useful features IMO.
There's already some great work been done (by others) to help make this much easier to integrate into frameworks (where use of PHP's global methods directly isn't really possible).
If anyone is familiar with headers and cookies in a particular framework they use, then they could be of help by creating an adapter for it on the 2.0 dev branch here: github.com/aidantwoods/SecureHeade...
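The cookie-flag injection described in the post above, sketched as an added example. This is not code from SecureHeaders or from the post's author; the function name `protectCookieHeaders`, the `Lax` default and the sample cookies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration (not SecureHeaders code): append Secure, HttpOnly and
 * SameSite to Set-Cookie values whose cookie name contains a sensitive substring.
 */
function protectCookieHeaders(
    array $setCookieValues,
    array $substrings = ['auth', 'sess'],   // substrings named in the post
    string $sameSite = 'Lax'                // assumed default for this sketch
): array {
    $out = [];
    foreach ($setCookieValues as $value) {
        // The cookie name is everything before the first "=".
        $name = strtolower(trim(explode('=', $value, 2)[0]));
        $sensitive = false;
        foreach ($substrings as $needle) {
            if (strpos($name, strtolower($needle)) !== false) {
                $sensitive = true;
                break;
            }
        }
        if ($sensitive) {
            // Record attributes already present so nothing is duplicated.
            $present = [];
            foreach (array_slice(explode(';', $value), 1) as $attr) {
                $present[strtolower(trim(explode('=', $attr, 2)[0]))] = true;
            }
            foreach (['secure' => 'Secure', 'httponly' => 'HttpOnly',
                      'samesite' => "SameSite=$sameSite"] as $key => $flag) {
                if (!isset($present[$key])) {
                    $value = rtrim($value, "; \t") . '; ' . $flag;
                }
            }
        }
        $out[] = $value;
    }
    return $out;
}

// Constructed sample values, as they would appear after "Set-Cookie: ".
$sample = [
    'PHPSESSID=abc123; path=/',
    'auth_token=xyz; Path=/; HttpOnly',
    'theme=dark; Path=/',
];
foreach (protectCookieHeaders($sample) as $line) {
    echo 'Set-Cookie: ', $line, PHP_EOL;
}
```

In a plain PHP application the input would come from the `Set-Cookie` entries in `headers_list()`, and the rewritten values would be re-sent with `header('Set-Cookie: ...', false)` after `header_remove('Set-Cookie')`.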