jcaillot / owasp-listener
Symfony Response Event Listener for OWASP headers
v1.0.1
2021-09-30 02:26 UTC
Requires
- php: ^7.4 || ^8.0
- symfony/http-kernel: ^5.3 || ^6.0
Requires (Dev)
- phpstan/phpstan: ^0.12.98
- phpunit/phpunit: ^9.5
- symfony/phpunit-bridge: ^5.3
README
OWASP header Response EventListener for the Symfony framework
Symfony Response event listener, adds OWASP recommended HTTP headers
Prerequisites
Symfony >= 4
Installation
`composer require jcaillot/owasp-listener`
In config/services.yaml add the following:
Chaman\EventListener\OwaspHeaderListener:
tags:
- { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
arguments:
- {
#'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
'Content-Type': 'text/html; charset=utf-8',
'X-Content-Type-Option': 'nosniff',
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Permitted-Cross-Domain-Policies': 'none',
'Referrer-Policy': 'same-origin',
'Content-Security-Policy': 'frame-ancestors ''none''',
'Feature-Policy': 'camera: ''none''; payment: ''none''; microphone: ''none'''
}
About OWASP recommender headers
More infos on OWASP recommended headers can be found on the OWASP Secure Headers Project Wiki: