guttmann / silverstripe-security-headers
Installs: 6 010
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 1
Forks: 7
Open Issues: 4
Type:silverstripe-module
Requires
- php: >=5.3.2
- composer/installers: *
- silverstripe/framework: ~3.1
This package is auto-updated.
Last update: 2024-10-29 03:43:11 UTC
README
SilverStripe module for easily adding a selection of useful HTTP headers.
Comes with a default set of headers configured, but can be used to add any headers you wish.
Install
Install via composer:
composer require guttmann/silverstripe-security-headers 1.0.*
Usage
Apply the extension
Apply the SecurityHeaderControllerExtension to the controller of your choice.
For example, add this to your mysite/_config/config.yml file:
Page_Controller:
extensions:
- Guttmann\SilverStripe\SecurityHeaderControllerExtension
Configure the headers
Configure header values to suit your site, it's important your config is loaded after the security-headers module's config.
For example, your mysite/_config/config.yml file might look like this:
---
Name: mysite
After:
- 'framework/*'
- 'cms/*'
- 'security-headers/*'
---
Guttmann\SilverStripe\SecurityHeaderControllerExtension:
headers:
Content-Security-Policy: "default-src 'self' *.google-analytics.com;"
Strict-Transport-Security: "max-age=2592000"
Disclaimer
I am not a security expert - the default header values used in this module are based on advice I have received from a number of sources.
They are not set in stone and if you see any issues please send me a pull request.