Version 2.3.0

• #21 - Add always clause to nginx header. Thanks @alainwolf
• #17 - Add support for blob:, filesystem:, and data: URIs.
• Added CSPBuilder::fromArray() because its absence seemed confusing if you're not familiar with the constructor.
• Minor documentation improvements. Not nearly enough to close #18, though.

Version 2.2.0

• Add dedicated API method for setting report-to/report-uri directives.
• Add support for 'strict-dynamic' and 'unsafe-hashed-attributes'

Version 1.4.0

Contains a year of bugfixes and tweaks from the v2 branch, backported for PHP 5 support.

Version 2.1.0

• Added several helper methods, e.g. setDataAllowed() and setSelfAllowed(), for programatically allowing self and data: URIs for a specific directive.
• CSP-Builder is now type-safe! This can be verified by Psalm. In future releases, this will be enforced by Travis CI.
• Docblock and unit test cleanup.

Version 2.0.1

Allow CSPBuilder instances to be instantiated from a JSON string. Thanks @renanmpimentel

Version 1.3.3

Version 1.3.2 broke somewhere in the git chain, so v1.3.3 it is.

Version 2.0.0

Version 2.0.0 requires PHP 7.

This allows us to use strict typing and drop random_compat as a dependency.

Version 1.3.1

• Minor (some annoying) bug fixes
• Fix whitespace in unsafe-eval directives

Full list here: v1.3.0...v1.3.1

Version 1.3.0

A lot of bugfixes since 1.2.0.

BC break: Changed our erroneous connect-uri and font-uri directives to connect-src and font-src respectively.

• README
• Changes since v1.2.0

Before version 1.4, I'd like to improve the documentation and unit test coverage. Feel free to open any issues for bugs you encounter or feature requests you might have.

Version 1.2.4

Use normal Base64 encoding for CSP hashes.