sen0rxol0 / security-headers
Improves security in your application by serving as a middleware that injects HTTP response headers.
Requires
- php: ^7.0
- illuminate/support: 5.5.*|5.6.*
- paragonie/csp-builder: ^2.3
Requires (Dev)
- orchestra/testbench: ~3.5|~3.6
- phpunit/phpunit: 6.5.*
This package is not auto-updated.
Last update: 2022-01-08 15:12:51 UTC
README
This package aims to improve the security of HTTP response headers and is built for integration with Laravel.
It is not an extended guide to header security. For more information, check out the resources below, or start by testing your application's headers on securityheaders.io and come back when you probably 😱
Integration
Install the package with composer
composer require sen0rxol0/security-headers
Publish the configuration file
php artisan vendor:publish --tag="config"
The config file should now be published at config\headers.php
Add SecurityHeadersMiddleware to your application's global middleware in app\Http\Kernel.php
protected $middleware = [
    // ..
    \Sen0rxol0\SecurityHeaders\SecurityHeadersMiddleware::class,
];
Next, you can start tweaking the config file in config\headers.php. Although I recommend reading more about security headers, the base config is good to go.
Usage information
When using Content-Security-Policy with a nonce, or if add-nonce is set to true, you will need to use a helper function in your templates' script tags:
<script nonce="{{ nonce('script-src') }}" src="{{ mix('/js/app.js') }}"></script>
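A way to audit a rendered page once nonces are enabled, as an added example that is not part of this package: it lists every script tag whose nonce is missing or does not match the Content-Security-Policy header. The function names, the header and the HTML are constructed for illustration, and double-quoted nonce attributes are assumed, as in the template line above.

```php
<?php
// Added example: audits one rendered response for CSP nonce consistency.
// The header and HTML below are constructed sample data, not package output.

/** Return the nonce values listed in the script-src directive of a CSP header. */
function scriptSrcNonces(string $csp): array
{
    foreach (explode(';', $csp) as $directive) {
        $tokens = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
        if ($tokens && strtolower($tokens[0]) === 'script-src') {
            $nonces = [];
            foreach (array_slice($tokens, 1) as $source) {
                if (preg_match('~^\'nonce-([A-Za-z0-9+/_=-]+)\'$~', $source, $m)) {
                    $nonces[] = $m[1];
                }
            }
            return $nonces;
        }
    }
    return [];
}

/** Return every <script> opening tag whose nonce is missing or not in the header. */
function scriptsWithoutValidNonce(string $csp, string $html): array
{
    $allowed = scriptSrcNonces($csp);
    $failing = [];
    // A regex is enough for this sample; use a DOM parser on real pages.
    preg_match_all('/<script\b[^>]*>/i', $html, $tags);
    foreach ($tags[0] as $tag) {
        $ok = preg_match('/\bnonce\s*=\s*"([^"]*)"/i', $tag, $m)
            && in_array($m[1], $allowed, true);
        if (!$ok) {
            $failing[] = $tag;
        }
    }
    return $failing;
}

$nonce = base64_encode(random_bytes(16)); // fresh value for each response
$csp   = "default-src 'self'; script-src 'nonce-" . $nonce . "'";
$html  = '<script nonce="' . $nonce . '" src="/js/app.js"></script>'
       . '<script>console.log("inline, no nonce")</script>'
       . '<script nonce="stale-value" src="/js/old.js"></script>';

// Inline scripts in this list are blocked by the browser; external ones load
// only if another script-src source expression matches their URL.
foreach (scriptsWithoutValidNonce($csp, $html) as $tag) {
    echo "no valid nonce: {$tag}\n";
}
```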
Resources
- OWASP Secure Headers Project
- Hardening your HTTP Security Headers
- HTTP Headers on Mozilla
- Content Security Policy
- And also check out Scott Helme's website
Credits
License
The MIT License (MIT). Please see License File for more information.