therobfonz / laravel-security-headers
Adds security headers to Laravel responses.
Installs: 5 859
Dependents: 0
Suggesters: 0
Security: 0
Stars: 58
Watchers: 1
Forks: 6
Open Issues: 2
Requires
- php: ^8.1
- illuminate/support: ^10.0 || ^11.0
Requires (Dev)
- laravel/pint: ^1.8
- mockery/mockery: ^1.0
- orchestra/testbench: ^8.0 || ^9.0
- phpunit/phpunit: ^9.0 || ^10.0
README
This is a Laravel service provider for adding security header responses to your application.
Installation
The SecurityHeaders Service Provider can be installed via Composer by requiring the
therobfonz/laravel-security-headers package in your project's composer.json.
{
"require": {
"therobfonz/laravel-security-headers": "^3.0"
}
}
Packages are auto-discovered in Laravel 5.6+. Service Providers and Facades are defined in composer.json.
Config File
Publish the confirguration file using Artisan.
php artisan vendor:publish --provider="TheRobFonz\SecurityHeaders\Providers\SecurityHeadersServiceProvider"
Update your settings in the generated config/security.php configuration file.
Configuration
Add the middleware to the 'web' middleware group in App\Http\Kernel.php
protected $middlewareGroups = [ 'web' => [ //... \TheRobFonz\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,
Nonces
Every inline script tag needs to include the @nonce blade directive in the opening tag.
<script @nonce>