therobfonz / laravel-security-headers
Adds security headers to Laravel responses.
Installs: 1 520
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Requires
- php: >=7.1.0 || >=7.2.5
- illuminate/support: 5.6.* || 5.7.* || 5.8.* || ^6.0 || ^7.0 || ^8.0
Requires (Dev)
- mockery/mockery: ^1.0
- orchestra/testbench: ^3.1 || ^4.0 || ^5.0 || ^6.0
- phpunit/phpunit: ^7.0 || ^8.0 || ^9.0
README
This is a Laravel service provider for adding security header responses to your application.
Installation
The SecurityHeaders Service Provider can be installed via Composer by requiring the
therobfonz/laravel-security-headers
package in your project's composer.json
.
{ "require": { "therobfonz/laravel-security-headers": "^1.0" } }
Packages are auto-discovered in Laravel 5.6. Service Providers and Facades are defined in composer.json.
Config File
Publish the confirguration file using Artisan.
php artisan vendor:publish --provider="TheRobFonz\SecurityHeaders\SecurityHeadersServiceProvider"
Update your settings in the generated config/security.php
configuration file.
Configuration
Add the middleware to the 'web' middleware group in App\Http\Kernel.php
protected $middlewareGroups = [ 'web' => [ //... \TheRobFonz\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,
Nonces
Every inline script tag needs to include the @nonce
blade directive in the opening tag.
<script @nonce>