README

Laravel Favicon Proxy

Proxy website favicons through your own host. Instead of pointing an external-link <img> straight at a third-party favicon service (a cross-origin connection on every page, leaking which links a visitor sees), this fetches the icon server-side once, caches the bytes, and serves them same-origin — the browser never talks to the upstream.

Default upstream is Google's S2 favicon service; configurable.
Validates the upstream content-type and sends X-Content-Type-Options: nosniff (a non-image response is never served under an image type).
Negative-caches failures, falls back to a transparent 1×1 pixel.

Installation

composer require jeffersongoncalves/laravel-favicon-proxy

The /favicon-proxy route is registered automatically. Point your icons at it:

<img src="{{ route('favicon-proxy', ['domain' => 'laravel.com']) }}" alt="" width="16" height="16">

Optionally publish the config:

php artisan vendor:publish --tag="favicon-proxy-config"

Configuration

Key	Default	Description
`enabled`	`true`	Register the proxy route.
`path`	`favicon-proxy`	Route path.
`middleware`	`['throttle:120,1']`	Middleware on the route.
`endpoint`	`https://www.google.com/s2/favicons`	Upstream favicon service.
`query`	`domain`	Query parameter carrying the domain.
`size`	`64`	Requested icon size (px).
`timeout`	`6`	Upstream request timeout (s).
`cache_prefix`	`favicon`	Cache key prefix.
`cache_days`	`30`	How long a fetched icon is cached.
`negative_cache_hours`	`6`	How long a failure is negative-cached.

Testing

composer test

License

The MIT License (MIT). Please see License File for more information.

jeffersongoncalves / laravel-favicon-proxy

Maintainers

Package info

Fund package maintenance!

Statistics

Security