itox-gmbh / laravel-security
Laravel security hardening package
IToX GmbH
Requires
- php: ^8.4
- illuminate/contracts: ^11.0||^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^2.9||^3.0
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^10.0.0||^9.0.0||^8.22.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-arch: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- phpstan/extension-installer: ^1.3||^2.0
- phpstan/phpstan-deprecation-rules: ^1.1||^2.0
- phpstan/phpstan-phpunit: ^1.3||^2.0
- spatie/laravel-ray: ^1.35
This package is auto-updated.
Last update: 2025-06-16 04:36:33 UTC
README
Installation
You can install the package via composer:
composer require itox-gmbh/laravel-security
You can publish and run the migrations with:
php artisan security:install
Usage
Adjust the security.php file in your config folder to your needs:
'enforceSSL' => true,
'headers' => [
    'hsts' => true,
    'x-frame-options' => 'SAMEORIGIN',
    'x-content-type-options' => 'nosniff',
    'x-xss-protection' => '1; mode=block',
    'permissions-policy' => 'camera=(), microphone=(), geolocation=(), fullscreen=(self), payment=(), accelerometer=(), gyroscope=()',
    'feature-policy' => "camera 'none'; microphone 'none'; geolocation 'none'; fullscreen 'none'; payment 'none'; accelerometer 'none'; gyroscope 'none';",
],
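A check for this configuration, as an added example that is not part of the package: it compares a response's headers with the configured values and lists features on which permissions-policy and feature-policy disagree (with the values above, fullscreen, so behaviour depends on which header a browser honours). It assumes each headers key is sent as the response header of the same name and that hsts produces Strict-Transport-Security; the function names and the sample response are constructed.

```php
<?php
// Added example, not part of laravel-security. Assumption: each 'headers' key
// is sent as the header of that name; 'hsts' maps to Strict-Transport-Security.
$headers = [ // abridged from the security.php values shown above
    'hsts' => true,
    'x-frame-options' => 'SAMEORIGIN',
    'permissions-policy' => 'camera=(), fullscreen=(self)',
    'feature-policy' => "camera 'none'; fullscreen 'none';",
];
// Constructed sample response: HSTS is absent and X-Frame-Options differs.
$response = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
    . "Permissions-Policy: camera=(), fullscreen=(self)\r\n"
    . "Feature-Policy: camera 'none'; fullscreen 'none';\r\n";

/** Findings for headers that are configured but absent or different. */
function auditHeaders(array $headers, string $raw): array
{
    $got = [];
    foreach (preg_split('/\r?\n/', trim($raw)) as $line) {
        if (str_contains($line, ':')) { // skips the status line
            [$name, $value] = explode(':', $line, 2);
            $got[strtolower(trim($name))] = trim($value);
        }
    }
    $findings = [];
    foreach ($headers as $key => $want) {
        if ($want === false) { continue; } // header switched off in the config
        $name = $key === 'hsts' ? 'strict-transport-security' : $key;
        if (!isset($got[$name])) {
            $findings[] = "missing: $name";
        } elseif (is_string($want) && $got[$name] !== $want) {
            $findings[] = "mismatch: $name (got '{$got[$name]}')";
        }
    }
    return $findings;
}

/** Features blocked by one policy header but not the other (parenthesised allowlists only). */
function policyConflicts(array $headers): array
{
    preg_match_all('/([a-z-]+)=\(([^)]*)\)/', $headers['permissions-policy'], $p, PREG_SET_ORDER);
    preg_match_all('/([a-z-]+)\s+([^;]+)/', $headers['feature-policy'], $f, PREG_SET_ORDER);
    $pBlocked = $fBlocked = [];
    foreach ($p as $m) { $pBlocked[$m[1]] = trim($m[2]) === ''; }
    foreach ($f as $m) { $fBlocked[$m[1]] = trim($m[2]) === "'none'"; }
    return array_keys(array_filter(array_intersect_key($pBlocked, $fBlocked),
        fn ($b, $k) => $b !== $fBlocked[$k], ARRAY_FILTER_USE_BOTH));
}
print_r([auditHeaders($headers, $response), policyConflicts($headers)]);
```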
Changelog
Please see CHANGELOG for more information on what has changed recently.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.