therobfonz/laravel-security-headers

Adds security headers to Laravel responses.

v1.0.11 2019-10-11 00:00 UTC

This package is auto-updated.

Last update: 2022-06-16 03:22:55 UTC


README

This is a Laravel service provider for adding security header responses to your application.

Installation

The SecurityHeaders Service Provider can be installed via Composer by requiring the therobfonz/laravel-security-headers package in your project's composer.json.

{
    "require": {
        "therobfonz/laravel-security-headers": "^1.0"
    }
}

Packages are auto-discovered in Laravel 5.6. Service Providers and Facades are defined in composer.json.

Config File

Publish the confirguration file using Artisan.

php artisan vendor:publish --provider="TheRobFonz\SecurityHeaders\SecurityHeadersServiceProvider"

Update your settings in the generated config/security.php configuration file.

Configuration

Add the middleware to the 'web' middleware group in App\Http\Kernel.php

protected $middlewareGroups = [
    'web' => [
        //...
    
        \TheRobFonz\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,

Nonces

Every inline script tag needs to include the @nonce blade directive in the opening tag.

<script @nonce>

Links