jcaillot/owasp-listener

Symfony Response Event Listener for OWASP headers

Maintainers

Details

github.com/jcaillot/owasp-listener

Source

Issues

Installs: 7

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

v1.0.1 2021-09-30 02:26 UTC

Requires

Requires (Dev)

MIT a37550aa2fc7e0cb9bce88c2c1c5becb3a35c235

  • jerome caillot <jerome.woop@chaman.ca>

symfonyowaspresponse headers

This package is auto-updated.

Last update: 2024-03-29 04:46:02 UTC

README

OWASP header Response EventListener for the Symfony framework

Symfony Response event listener, adds OWASP recommended HTTP headers

Prerequisites

Symfony >= 4

Installation

`composer require jcaillot/owasp-listener`

In config/services.yaml add the following:

Chaman\EventListener\OwaspHeaderListener:
    tags:
        - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
    arguments:
       - {
         #'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
         'Content-Type': 'text/html; charset=utf-8',
         'X-Content-Type-Option': 'nosniff',
         'X-XSS-Protection': '1; mode=block',
         'X-Frame-Options': 'DENY',
         'X-Permitted-Cross-Domain-Policies': 'none',
         'Referrer-Policy': 'same-origin',
         'Content-Security-Policy': 'frame-ancestors ''none''',
         'Feature-Policy': 'camera: ''none''; payment: ''none''; microphone: ''none'''
        }

About OWASP recommender headers

More infos on OWASP recommended headers can be found on the OWASP Secure Headers Project Wiki:

OWASP

License

MIT