### Example CSP Header Output

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Shows the resulting Content-Security-Policy header when directives are added without specific values.

```text
Content-Security-Policy: upgrade-insecure-requests;block-all-mixed-content
```

--------------------------------

### Install spatie/laravel-csp Package via Composer

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Installs the `spatie/laravel-csp` package into your Laravel project using Composer, adding it as a dependency.

```bash
composer require spatie/laravel-csp
```

--------------------------------

### Run Package Tests

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This command executes all tests for the Spatie Laravel CSP package, ensuring its functionality and stability.

```bash
composer test
```

--------------------------------

### Configure Multiple CSP Directives and Keywords in Laravel

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This example illustrates how to define multiple Content Security Policy (CSP) directives and their corresponding keywords within a single configuration entry. It allows `UNSAFE_EVAL` and `UNSAFE_INLINE` for both `SCRIPT` and `STYLE` directives.

```php
'directives' => [
    [[Directive::SCRIPT, Directive::STYLE], [Keyword::UNSAFE_EVAL, Keyword::UNSAFE_INLINE]],
],
```

--------------------------------

### Publish Laravel CSP Configuration File

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Publishes the default configuration file for the `spatie/laravel-csp` package to `config/csp.php`, allowing customization of CSP settings.

```bash
php artisan vendor:publish --tag=csp-config
```

--------------------------------

### Create Custom CSP Preset Class in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Illustrates how to create a custom CSP preset class by implementing the `Preset` interface and configuring specific directives, such as allowing scripts from `www.google.com`.

```PHP
namespace App\Support;

use Spatie\Csp\Directive;
use Spatie\Csp\Keyword;
use Spatie\Csp\Policy;
use Spatie\Csp\Preset;

class MyCspPreset implements Preset
{
    public function configure(Policy $policy): void
    {
        $policy->add(Directive::SCRIPT, 'www.google.com');
    }
}
```

--------------------------------

### Define Basic CSP Preset Class in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Provides the full class definition for the default `Basic` CSP preset, demonstrating how various directives are configured with `SELF` or `NONE` keywords and how nonces are added for scripts and styles.

```PHP
namespace Spatie\Csp\Presets;

use Spatie\Csp\Directive;
use Spatie\Csp\Keyword;
use Spatie\Csp\Policy;
use Spatie\Csp\Preset;

class Basic implements Preset
{
    public function configure(Policy $policy): void
    {
        $policy
            ->add(Directive::BASE, Keyword::SELF)
            ->add(Directive::CONNECT, Keyword::SELF)
            ->add(Directive::DEFAULT, Keyword::SELF)
            ->add(Directive::FORM_ACTION, Keyword::SELF)
            ->add(Directive::IMG, Keyword::SELF)
            ->add(Directive::MEDIA, Keyword::SELF)
            ->add(Directive::OBJECT, Keyword::NONE)
            ->add(Directive::SCRIPT, Keyword::SELF)
            ->add(Directive::STYLE, Keyword::SELF)
            ->addNonce(Directive::SCRIPT)
            ->addNonce(Directive::STYLE);
    }
}
```

--------------------------------

### Default Laravel CSP Configuration File Structure

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Illustrates the structure and default values of the `config/csp.php` file, where you can define CSP presets, directives, report URI, and nonce settings for your application.

```php
return [

    /*
     * Presets will determine which CSP headers will be set. A valid CSP preset is
     * any class that implements `Spatie\Csp\Preset`
     */
    'presets' => [
        Spatie\Csp\Presets\Basic::class,
    ],

    /**
     * Register additional global CSP directives here.
     */
    'directives' => [
        // [Directive::SCRIPT, [Keyword::UNSAFE_EVAL, Keyword::UNSAFE_INLINE]],
    ],

    /*
     * These presets will be put in a report-only policy. This is great for testing out
     * a new policy or changes to an existing CSP policy without breaking anything.
     */
    'report_only_presets' => [
        //
    ],

    /**
     * Register additional global report-only CSP directives here.
     */
    'report_only_directives' => [
        // [Directive::SCRIPT, [Keyword::UNSAFE_EVAL, Keyword::UNSAFE_INLINE]],
    ],

    /*
     * All violations against a policy will be reported to this url.
     * A great service you could use for this is https://report-uri.com/
     */
    'report_uri' => env('CSP_REPORT_URI', ''),

    /*
     * Headers will only be added if this setting is set to true.
     */
    'enabled' => env('CSP_ENABLED', true),

    /**
     * Headers will be added when Vite is hot reloading.
     */
    'enabled_while_hot_reloading' => env('CSP_ENABLED_WHILE_HOT_RELOADING', false),

    /*
     * The class responsible for generating the nonces used in inline tags and headers.
     */
    'nonce_generator' => Spatie\Csp\Nonce\RandomString::class,

    /*
     * Set false to disable automatic nonce generation and handling.
     * This is useful when you want to use 'unsafe-inline' for scripts/styles
     * and cannot add inline nonces.
     * Note that this will make your CSP policy less secure.
     */
    'nonce_enabled' => env('CSP_NONCE_ENABLED', true),
];
```

--------------------------------

### Instruct Vite to use a Custom CSP Nonce

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This example shows how to define a custom nonce value within your `NonceGenerator` and instruct Vite to use this specific value for CSP by calling `Vite::useCspNonce($myNonce)`.
The generated nonce should be a base64-encoded value derived from at least 16 bytes of secure random data.

```php
namespace App\Support;

use Illuminate\Support\Facades\Vite;
use Spatie\Csp\Nonce\NonceGenerator;

class RandomString implements NonceGenerator
{
    public function generate(): string
    {
        // Determine the value for `$myNonce` however you want;
        // here: 16 bytes from the CSPRNG, base64-encoded
        $myNonce = base64_encode(random_bytes(16));

        Vite::useCspNonce($myNonce);

        return $myNonce;
    }
}
```

--------------------------------

### Add CSP Directives Without Specific Values in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Explains how to add CSP directives that do not require a specific value, such as `upgrade-insecure-requests` or `block-all-mixed-content`, using `Value::NO_VALUE`.

```PHP
public function configure(Policy $policy): void
{
    $policy
        ->add(Directive::UPGRADE_INSECURE_REQUESTS, Value::NO_VALUE)
        ->add(Directive::BLOCK_ALL_MIXED_CONTENT, Value::NO_VALUE);
}
```

--------------------------------

### Configure CSP Presets in Laravel Config File

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Shows how to update the `presets` key in the `csp` config file to include custom CSP preset classes alongside default ones.

```PHP
'presets' => [
    Spatie\Csp\Presets\Basic::class,
    App\Support\MyCspPreset::class,
],
```

--------------------------------

### Register Global CSP Headers Middleware in Laravel

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Registers the `Spatie\Csp\AddCspHeaders` middleware globally in `bootstrap/app.php` to automatically add CSP headers to all responses of your Laravel application.

```php
use Spatie\Csp\AddCspHeaders;

->withMiddleware(function (Middleware $middleware) {
    $middleware->append(AddCspHeaders::class);
})
```

--------------------------------

### Add Single Value to Multiple CSP Directives in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Shows how to apply a single value to multiple CSP directives by passing an array of `Directive` constants to the `add` method.

```PHP
public function configure(Policy $policy): void
{
    $policy->add([Directive::SCRIPT, Directive::STYLE], 'www.google.com');
}
```

--------------------------------

### Add Nonce to CSP Policy for Inline Scripts/Styles in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Demonstrates how to configure a CSP policy to include nonces for `SCRIPT` and `STYLE` directives, enabling secure use of inline scripts and styles.

```PHP
public function configure(Policy $policy): void
{
    $policy
        ->add(Directive::SCRIPT, 'self')
        ->add(Directive::STYLE, 'self')
        ->addNonce(Directive::SCRIPT)
        ->addNonce(Directive::STYLE);
}
```

--------------------------------

### Add Multiple Values to Single or Multiple CSP Directives in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Illustrates how to assign multiple keywords or values to a single directive, or multiple values to multiple directives, by passing arrays of keywords/values to the `add` method.

```PHP
public function configure(Policy $policy): void
{
    $policy
        ->add(Directive::SCRIPT, [Keyword::UNSAFE_EVAL, Keyword::UNSAFE_INLINE])
        ->add([Directive::SCRIPT, Directive::STYLE], ['www.google.com', 'analytics.google.com']);
}
```

--------------------------------

### Configure Basic CSP Directives in Laravel

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This snippet demonstrates how to register basic Content Security Policy (CSP) directives and report-only directives in the `config/csp.php` file.
It shows how to allow `UNSAFE_EVAL` for scripts in the enforced policy and how to add `UNSAFE_INLINE` for scripts to the report-only policy.

```php
'directives' => [
    [Directive::SCRIPT, Keyword::UNSAFE_EVAL],
],
'report_only_directives' => [
    [Directive::SCRIPT, Keyword::UNSAFE_INLINE],
],
```

--------------------------------

### Apply CSP Headers Middleware to a Specific Route

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Applies the `Spatie\Csp\AddCspHeaders` middleware to a specific route or route group, enabling CSP headers only for those requests.

```php
// In your routes file
Route::get('my-page', 'MyController')
    ->middleware(AddCspHeaders::class);
```

--------------------------------

### Add Single CSP Directive Values in PHP

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Demonstrates how to add single values to CSP directives using the `add` method, including keywords like `SELF` and SHA256 hashes. The package automatically handles quoting of values.

```PHP
public function configure(Policy $policy): void
{
    $policy
        // Will output `'self'` when outputting headers
        ->add(Directive::SCRIPT, Keyword::SELF)
        // Will output `'sha256-hash'` when outputting headers
        ->add(Directive::STYLE, 'sha256-hash');
}
```

--------------------------------

### Apply CSP Headers Middleware with an Overriding Preset

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Applies the `Spatie\Csp\AddCspHeaders` middleware to a route, passing a custom preset class as a parameter to override the globally configured CSP presets for that specific route.

```php
// In your routes file
Route::get('my-page', 'MyController')
    ->middleware(AddCspHeaders::class . ':' . MyPreset::class);
```

--------------------------------

### Render Specific CSP Preset as HTML Meta Tag

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

You can use the `@cspMetaTag` directive to render a CSP policy for a specific preset by passing its fully qualified class name as an argument.
This provides granular control over which policy is output.

```blade
@cspMetaTag(App\Support\MyCustomPreset::class)
```

--------------------------------

### Apply CSP Nonce to Inline HTML Elements in Blade

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Illustrates how to add the `@cspNonce` Blade directive to

--------------------------------

### Generate CSP Nonce using Laravel Vite

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This PHP class demonstrates how to create a custom `NonceGenerator` that retrieves the CSP nonce generated by Laravel's Vite plugin using `Vite::cspNonce()`. This nonce can then be used in your CSP configuration.

```php
namespace App\Support;

use Illuminate\Support\Facades\Vite;
use Spatie\Csp\Nonce\NonceGenerator;

class LaravelViteNonceGenerator implements NonceGenerator
{
    public function generate(): string
    {
        return Vite::cspNonce();
    }
}
```

--------------------------------

### Add CSP Policy as Meta Tag using Blade Directive

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

Uses the `@cspMetaTag` Blade directive to register CSP policies as a meta tag within the `<head>` section of your Blade layout, providing an alternative to HTTP headers.

```blade
{{-- app/layout.blade.php --}}
@cspMetaTag
```

--------------------------------

### Render CSP Policy as HTML Meta Tag

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

This Blade directive allows you to output the configured CSP policy as an HTML meta tag within the `<head>` section of your webpage. This is useful for scenarios where HTTP headers are not controllable or when dealing with large policies.

```blade
@cspMetaTag
```

--------------------------------

### Render Specific CSP Preset in Report-Only Mode as Meta Tag

Source: https://github.com/spatie/laravel-csp/blob/main/README.md

The `@cspMetaTagReportOnly` Blade directive allows you to render a specific CSP preset in report-only mode. This means violations will be reported without blocking content, which is useful for testing and monitoring.

```blade
@cspMetaTagReportOnly(App\Support\MyCustomPreset::class)
```

--------------------------------

### Update laravel-csp Configuration from Policies to Presets

Source: https://github.com/spatie/laravel-csp/blob/main/UPGRADE.md

This diff shows the required changes in the `laravel-csp` configuration file when upgrading from version 2.x to 3.x. It demonstrates how the `policy` and `report_only_policy` keys are replaced by `presets` and `report_only_presets` respectively, allowing for multiple CSP presets to be used simultaneously.

```diff
return [ - 'policy' => Spatie\Csp\Policies\Basic::class, + 'presets' => [ + Spatie\Csp\Presets\Basic::class, + ], - 'report_only_policy' => '', + 'report_only_presets' => [ + // + ],
```

--------------------------------

### Refactor Custom CSP Policy to Preset in laravel-csp v3

Source: https://github.com/spatie/laravel-csp/blob/main/UPGRADE.md

This diff illustrates how to refactor a custom CSP policy class from `laravel-csp` v2 to a preset in v3. It highlights the change from extending `Spatie\Csp\Policies\Policy` to implementing `Spatie\Csp\Preset`, the updated `configure` method signature, and the renaming of `addDirective` to `add` and `addNonceForDirective` to `addNonce`.

```diff
use Spatie\Csp\Directive; use Spatie\Csp\Keyword; -use Spatie\Csp\Policies\Policy; +use Spatie\Csp\Policy; +use Spatie\Csp\Preset; -class MyPolicy extends Policy +class MyPolicy implements Preset { - public function configure() + public function configure(Policy $policy): void { - return $this - ->addDirective(Directive::SCRIPT, Keyword::SELF) - ->addNonceForDirective(Directive::SCRIPT); + $policy + ->add(Directive::SCRIPT, Keyword::SELF) + ->addNonce(Directive::SCRIPT); } }
```
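Review bot: in the configuration diff, the `- 'report_only_policy' => ''` line covers only the empty default, so the upgrade path for a project that had a class set there is not shown. The notes should say that such a class has to be converted to a preset and listed under `report_only_presets`, the same way `Policies\Basic` becomes `Presets\Basic` under `presets`.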
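Review bot: in the class diff, `+class MyPolicy implements Preset` keeps the old class name, so the result is a preset called `MyPolicy` whose `configure` receives an argument typed `Policy $policy`. Renaming the class (for example to `MyPreset`) and updating its config entry would remove the ambiguity. The change of `configure` from `return $this` to a `void` return type also deserves a line in the upgrade notes for code that calls it directly.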
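A regression test for the header the snippets above produce, as an added example that is not part of the package's README or test suite: it parses the `Content-Security-Policy` header and fails if `'unsafe-inline'` or `'unsafe-eval'` reach `script-src` or `style-src`, or if a nonce is missing or short. The test class name, the `/` route and the premise that `Basic` is the only active preset are assumptions.

```php
<?php

namespace Tests\Feature;

use Tests\TestCase;

class CspHeaderTest extends TestCase // hypothetical test class
{
    /** Parse "a b c; d e" into ['a' => ['b', 'c'], 'd' => ['e']]. */
    private function parseCsp(string $header): array
    {
        $policy = [];
        foreach (explode(';', $header) as $part) {
            $tokens = preg_split('/\s+/', trim($part), -1, PREG_SPLIT_NO_EMPTY);
            if ($tokens) {
                $policy[strtolower(array_shift($tokens))] = $tokens;
            }
        }

        return $policy;
    }

    public function test_script_and_style_sources_rely_on_nonces(): void
    {
        // Assumption: '/' is served through AddCspHeaders with only the Basic preset.
        $response = $this->get('/');
        $response->assertHeader('Content-Security-Policy');

        $policy = $this->parseCsp($response->headers->get('Content-Security-Policy'));

        foreach (['script-src', 'style-src'] as $directive) {
            $this->assertArrayHasKey($directive, $policy);
            $sources = $policy[$directive];

            // Neither keyword belongs in a nonce-based policy.
            $this->assertNotContains("'unsafe-inline'", $sources);
            $this->assertNotContains("'unsafe-eval'", $sources);

            $nonces = preg_grep('/^\'nonce-.+\'$/', $sources);
            $this->assertCount(1, $nonces, "$directive should carry exactly one nonce");

            // 16 random bytes encode to at least 22 base64 characters.
            $value = substr(reset($nonces), 7, -1);
            $this->assertGreaterThanOrEqual(22, strlen($value));
        }

        // The Basic preset sets object-src to 'none'.
        $this->assertSame(["'none'"], $policy['object-src'] ?? null);
    }
}
```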