You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+34-13Lines changed: 34 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,9 +4,10 @@ A Zend Framework 3 module that lets you log exceptions, errors or whatever you w
4
4
5
5
ZendSentry is released under the MIT License.
6
6
7
-
The current version of ZendSentry for ZF3 is `3.5.0`. It supports Zend Framework >= 3.0. For other versions see tags in the 1.* series as well as 2.* series. **NB!** We are not supporting the old branches anymore.
7
+
The current version of ZendSentry for ZF3 is `3.6.0`. It supports Zend Framework >= 3.0. For other versions see tags in the 1.* series as well as 2.* series. **NB!** We are not supporting the old branches anymore.
- 3.5.0: Add support for new Sentry DSN, deprecate old DSN for later removal
11
12
- 3.4.0: Add possibility to switch off usage of raven-js CDN
12
13
- 3.3.0: Add possibility to pass config options to ravenjs
@@ -23,17 +24,18 @@ easy to setup and does a lot of things out-of-the-box.
23
24
24
25
Features and capabilities:
25
26
26
-
* log uncatched PHP exceptions to Sentry automagically
27
-
* log PHP errors to Sentry automagically
28
-
* log uncatched Javascript errors to Sentry automagically
29
-
* capture Exceptions to Sentry by triggering an event listener
30
-
* log anything you like to Sentry by triggering an event listener
31
-
* ZF ExceptionStrategy for Http as well as the CLI (automatic selection)
32
-
* log actions return the Sentry event_id
33
-
* Raven is registered as a Service
34
-
* override Raven config defaults
35
-
* pass config options to ravenjs
36
-
* configure error messages
27
+
* log uncatched PHP exceptions to Sentry automagically.
28
+
* log PHP errors to Sentry automagically.
29
+
* log uncatched Javascript errors to Sentry automagically.
30
+
* capture Exceptions to Sentry by triggering an event listener.
31
+
* log anything you like to Sentry by triggering an event listener.
32
+
* ZF ExceptionStrategy for Http as well as the CLI (automatic selection).
33
+
* log actions return the Sentry event_id.
34
+
* Raven is registered as a Service.
35
+
* override Raven config defaults.
36
+
* pass config options to ravenjs.
37
+
* configure error messages.
38
+
* inject a Content-Security-Policy` nonce for the inline script rendering. Makes it possible for you to create a CSP without `unsafe-inline` as script source.
37
39
38
40
# Installation
39
41
@@ -42,7 +44,7 @@ In your project's `composer.json` use:
42
44
43
45
{
44
46
"require": {
45
-
"cloud-solutions/zend-sentry": "3.5.0"
47
+
"cloud-solutions/zend-sentry": "3.6.0"
46
48
}
47
49
48
50
Run `php composer.phar update` to download it into your vendor folder and setup autoloading.
@@ -146,6 +148,25 @@ You might want to do something like this e.g. in your `AbstractActionController:
146
148
);
147
149
}
148
150
151
+
# Injecting a CSP nonce (NB! temporary solution)
152
+
153
+
If you've already implemented a Content Security Policy in your app, chances are you're using a nonce for dynamic inline javascript.
154
+
If so, you can now inject your nonce into ZendSentry:
if (typeof Raven !== 'undefined') Raven.config('https://yourpublickey@sentry.io/5374', []).install()
165
+
//]]>
166
+
</script>
167
+
168
+
Please note that we regard this as a temporary solution. It would be much better for ZendSentry to define its own CSP header.
169
+
Right now Zend Framework is not handling multiple CSP headers the right way (see also [this issue](https://github.com/zendframework/zend-http/issues/159) in `zend-http`).
0 commit comments