pionect / laravel-security-headers
Adds security headers to Laravel responses.
Requires
- php: ^8.1
- illuminate/support: ^9.0 || ^10.0
Requires (Dev)
- laravel/pint: ^1.8
- mockery/mockery: ^1.0
- orchestra/testbench: ^7.0 || ^8.0
- phpunit/phpunit: ^9.0 || ^10.0
This package is auto-updated.
Last update: 2024-12-09 13:28:21 UTC
README
This is a Laravel service provider for adding security header responses to your application.
Installation
The SecurityHeaders Service Provider can be installed via Composer by requiring the
pionect/laravel-security-headers package in your project's composer.json.
{
"require": {
"pionect/laravel-security-headers": "^2.0"
}
}
Packages are auto-discovered in Laravel 5.6+. Service Providers and Facades are defined in composer.json.
Config File
Publish the confirguration file using Artisan.
php artisan vendor:publish --provider="Pionect\SecurityHeaders\SecurityHeadersServiceProvider"
Update your settings in the generated config/security.php configuration file.
Configuration
Add the middleware to the 'web' middleware group in App\Http\Kernel.php
protected $middlewareGroups = [ 'web' => [ //... \Pionect\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,
Nonces
Every inline script tag needs to include the @nonce blade directive in the opening tag.
<script @nonce>