acolyte/laravel-security

laravel-security helps you secure your Laravel apps by setting various HTTP headers. it can help!

Maintainers

Details

github.com/ialaminpro/laravel-security

Source

Issues

Installs: 70

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

Type:package

1.0.0 2023-02-10 10:20 UTC

MIT 0f19f7b84274ccdfe7e0321fe7770b120640fb46

  • Al Amin <ialamin.pro.woop@gmail.com>

securitycorsdnslaravelxssattackvulnerabilityno-cacheclickjackingx-powered-bynoSniff

This package is auto-updated.

Last update: 2025-05-10 18:34:18 UTC

README

Packagist Downloads GitHub repo size GitHub

Laravel-Security helps you secure your Laravel apps by setting various HTTP headers. It's not a silver bullet, but it can help!

Quick start

First, You can install the package via composer:

composer require acolyte/laravel-security

If you would like to assign middleware to specific routes, you should first assign the middleware a key in your app/Http/Kernel.php file. By default, the $routeMiddleware property of this class contains entries for the middleware included with Laravel

// Within App\Http\Kernel Class...

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    'no-cache' => \Acolyte\LaravelSecurity\Middleware\CacheMiddleware::class
];

Documentation

For installation instructions, in-depth usage and deployment details, please take a look at the official documentation.

Requirements

Laravel-Security has a few requirements you should be aware of before installing :

  • Composer
  • Laravel Framework 5.4+

Solved : Security vulnerability

Laravel-Security is a collection of 9 smaller middleware functions that set HTTP response headers.

Vulnerability Middleware Class Included
Cache Control Attack Acolyte\LaravelSecurity\Middleware\CacheMiddleware::class
Cross-Origin Resource Sharing (CORS) Acolyte\LaravelSecurity\Middleware\CorsMiddleware::class
X-Permitted-Cross-Domain-Policies Acolyte\LaravelSecurity\Middleware\CrossDomainMiddleware::class
DNS Prefetch Control  Acolyte\LaravelSecurity\Middleware\DnsMiddleware::class
Click Jacking Attack Acolyte\LaravelSecurity\Middleware\FrameGuardMiddleware::class
Strict-Transport-Security  Acolyte\LaravelSecurity\Middleware\HstsMiddleware::class
Mime Sniffing Attack Acolyte\LaravelSecurity\Middleware\NoSniffMiddleware::class
X-Powered-By Attack Acolyte\LaravelSecurity\Middleware\XPoweredByMiddleware::class
 XSS Attack  Acolyte\LaravelSecurity\Middleware\XssMiddleware::class

Contributing

Whether you're helping us fix bugs, improve the docs, or spread the word, we'd love to have you as part of the Laravel-Security community! 💪💜 See CONTRIBUTING.md for more information on what we're looking for and how to get started.

License

The Laravel-Security package is open-source software licensed under the MIT license.