firesphere/permissionheaders

Setup Permission Headers for a website

0.3.0 2024-07-11 04:56 UTC

This package is auto-updated.

Last update: 2024-11-11 07:55:44 UTC


README

License

LGPL v3 or later

First things first

Before you use this module to throw all the Permissions in to your application, ensure you at least at a basic level, understand what permission headers are.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

And CORS:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Code status

Adds Permission headers to your request, based on configuration in a yml file.

Requirements

SilverStripe Framework 4.x+ PHP 8.0+

Installation

composer require firesphere/permissionheaders

Configuration and usage

Enable the options you want:

Firesphere\PermissionHeaders\Config\PermissionConfig:
  permissions:
    enabled: false
  referrer: same-origin
  frame-options: SAMEORIGIN
  content-type-options: nosniff
  CORS:
      enabled: false
  HSTS:
      enabled: false

See the included config.yml for examples on how to use the policies.

The default is off!

WARNING

Any header set in the .htaccess, Apache site.conf or nginx.conf files will override the headers set by this module.

Did you read this entire readme? You rock!

Pictured below is a cow, just for you.


               /( ,,,,, )\
              _\,;;;;;;;,/_
           .-"; ;;;;;;;;; ;"-.
           '.__/`_ / \ _`\__.'
              | (')| |(') |
              | .--' '--. |
              |/ o     o \|
              |           |
             / \ _..=.._ / \
            /:. '._____.'   \
           ;::'    / \      .;
           |     _|_ _|_   ::|
         .-|     '==o=='    '|-.
        /  |  . /       \    |  \
        |  | ::|         |   | .|
        |  (  ')         (.  )::|
        |: |   |;  U U  ;|:: | `|
        |' |   | \ U U / |'  |  |
        ##V|   |_/`"""`\_|   |V##
           ##V##         ##V##