README

Build and apply Permissions-Policy (formerly Feature-Policy) headers in Laravel applications.

Requirements

composer require codebar-ag/laravel-feature-policy

Publish configuration (optional):

php artisan vendor:publish --tag=laravel-feature-policy-config

The published config file is config/feature-policy.php. You can also rely on environment variables:

Env	Config key	Default	Purpose
`FPH_ENABLED`	`enabled`	`true`	Master switch; when false, middleware does not apply policy headers.
—	`policy`	`null`	Fully qualified class name of your policy (must extend `CodebarAg\LaravelFeaturePolicy\Policies\Policy`).
`FPH_PROPOSAL_ENABLED`	`directives.proposal`	`false`	Enable proposed directive group.
`FPH_EXPERIMENTAL_ENABLED`	`directives.experimental`	`false`	Enable experimental directive handling.
`FPH_REPORTING_ENABLED`	`reporting.enabled`	`false`	Add `Reporting-Endpoints` and related reporting metadata.
`FPH_REPORT_ONLY`	`reporting.report_only`	`false`	When reporting is on, also emit `Permissions-Policy-Report-Only`.
`FPH_REPORTING_URL`	`reporting.url`	(see config)	Endpoint URL for violation reports.

Implement a policy class with a configure() method that calls addDirective() (see package tests and Policies\Policy).

use CodebarAg\LaravelFeaturePolicy\AddFeaturePolicyHeaders;

$middleware->web(append: [
    AddFeaturePolicyHeaders::class,
]);

You may pass a specific policy class as a middleware parameter:

Route::get('/admin', AdminController::class)
    ->middleware(AddFeaturePolicyHeaders::class.':'.AdminPermissionsPolicy::class);

Run Laravel Pint in test mode:

composer lint

Run static analysis (PHPStan + Larastan):

composer analyse

Run the test suite:

composer test

Run tests with code coverage and a 100% minimum (requires the PCOV or Xdebug PHP extension):

composer test-coverage

Run lint, analysis, and tests together:

composer quality

MIT