guttmann/silverstripe-security-headers

Type: silverstripe-vendormodule

1.0.4 2018-03-01 02:30 UTC

README

SilverStripe module for easily adding a selection of useful HTTP headers.

Comes with a default set of headers configured, but can be used to add any headers you wish.

Install

Install via composer:

composer require guttmann/silverstripe-security-headers 1.0.*

Usage

Apply the extension

Apply the SecurityHeaderControllerExtension to the controller of your choice.

For example, add this to your mysite/_config/config.yml file:

Page_Controller:
  extensions:
    - Guttmann\SilverStripe\SecurityHeaderControllerExtension

Configure the headers

Configure header values to suit your site. It's important that your config is loaded after the security-headers module's config.

For example, your mysite/_config/config.yml file might look like this:

---
Name: mysite
After:
  - 'framework/*'
  - 'cms/*'
  - 'security-headers/*'
---
Guttmann\SilverStripe\SecurityHeaderControllerExtension:
  headers:
    Content-Security-Policy: "default-src 'self' *.google-analytics.com;"
    Strict-Transport-Security: "max-age=2592000"

Disclaimer

I am not a security expert - the default header values used in this module are based on advice I have received from a number of sources.

They are not set in stone and if you see any issues please send me a pull request.