firesphere / permissionheaders
Setup Permission Headers for a website
Requires
- php: ^8.1
- silverstripe/framework: ^4|^5
- symfony/yaml: >=4
Suggests
- firesphere/cspheaders: Add and manage CSP headers from CMS and YML for the easiest way to manage and ensure your CSP headers are correct.
README
License
First things first
Before you use this module to throw all the Permissions in to your application, ensure you at least at a basic level, understand what permission headers are.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
And CORS:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
Code status
Adds Permission headers to your request, based on configuration in a yml file.
Requirements
SilverStripe Framework 4.x+ PHP 8.0+
Installation
composer require firesphere/permissionheaders
Configuration and usage
Enable the options you want:
Firesphere\PermissionHeaders\Config\PermissionConfig:
permissions:
enabled: false
referrer: same-origin
frame-options: SAMEORIGIN
content-type-options: nosniff
CORS:
enabled: false
HSTS:
enabled: false
See the included config.yml for examples on how to use the policies.
The default is off!
WARNING
Any header set in the .htaccess
, Apache site.conf
or nginx.conf
files will override the headers
set by this module.
Did you read this entire readme? You rock!
Pictured below is a cow, just for you.
/( ,,,,, )\
_\,;;;;;;;,/_
.-"; ;;;;;;;;; ;"-.
'.__/`_ / \ _`\__.'
| (')| |(') |
| .--' '--. |
|/ o o \|
| |
/ \ _..=.._ / \
/:. '._____.' \
;::' / \ .;
| _|_ _|_ ::|
.-| '==o==' '|-.
/ | . / \ | \
| | ::| | | .|
| ( ') (. )::|
|: | |; U U ;|:: | `|
|' | | \ U U / |' | |
##V| |_/`"""`\_| |V##
##V## ##V##