zae / strict-transport-security
Set the HSTS header to enable HTTP Strict Transport Security
Installs: 90 875
Dependents: 0
Suggesters: 2
Security: 0
Stars: 7
Watchers: 2
Forks: 1
Open Issues: 0
Requires
- illuminate/config: >=1.0
- illuminate/support: >=1.0
- symfony/http-foundation: >=2.0
- symfony/http-kernel: >=2.0
Requires (Dev)
- mockery/mockery: ~0.9
- phpunit/phpunit: ~4.0
This package is auto-updated.
Last update: 2024-11-10 10:02:55 UTC
README
Enable HTTP Strict Transport Security using HTTP Middleware
L4 / L5
Middleware is available for both Laravel 4 and 5.
Install
Via Composer
$ composer require zae/strict-transport-security
Usage
Laravel 5
Add the class Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity
to the $middlewares
array.
#app/Http/Kernel.php protected $middleware = [ 'Illuminate\View\Middleware\ShareErrorsFromSession', 'Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity', ];
It's not strictly required to use the middleware but if you want to use the vendor:publish
command add the service provider Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider
to the providers
array in the app config.
#config/app.php return [ 'providers' => [ Illuminate\View\ViewServiceProvider::class, Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider::class, ], ];
Publish the config with php artisan vendor:publish
. This file will be created at config/hsts.php
.
Laravel 4
Add the serviceprovider to the list of service providers: Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider
#app/config.php 'providers' => array( 'Illuminate\Foundation\Providers\ArtisanServiceProvider', 'Illuminate\Auth\AuthServiceProvider', 'Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider', ),
Silex Example
require __DIR__ . '/../vendor/autoload.php'; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; $app = new Silex\Application(); $app->get('/', function(Request $request) { return new Response('Hello world!', 200); }); $app = (new Stack\Builder()) ->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())]) ->resolve($app) ; $request = Request::createFromGlobals(); $response = $app->handle($request)->send(); $app->terminate($request, $response);
Symfony Example
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Debug\Debug; $loader = require_once __DIR__.'/../app/bootstrap.php.cache'; Debug::enable(); require_once __DIR__.'/../app/AppKernel.php'; $kernel = new AppKernel('dev', true); $kernel->loadClassCache(); $app = (new Stack\Builder()) ->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())]) ->resolve($app) ; $kernel = $stack->resolve($kernel); Request::enableHttpMethodParameterOverride(); $request = Request::createFromGlobals(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
Testing
$ phpunit
Contributing
Contributions are welcome via pull requests on github.
Credits
License
The MIT License (MIT). Please see License File for more information.