therobfonz/laravel-security-headers

Adds security headers to Laravel responses.

3.1.0 2019-10-11 00:00 UTC

This package is auto-updated.

Last update: 2024-12-20 16:16:33 UTC


README

This is a Laravel service provider for adding security header responses to your application.

Installation

The SecurityHeaders Service Provider can be installed via Composer by requiring the therobfonz/laravel-security-headers package in your project's composer.json.

{
    "require": {
        "therobfonz/laravel-security-headers": "^3.0"
    }
}

Packages are auto-discovered in Laravel 5.6+. Service Providers and Facades are defined in composer.json.

Config File

Publish the confirguration file using Artisan.

php artisan vendor:publish --provider="TheRobFonz\SecurityHeaders\Providers\SecurityHeadersServiceProvider"

Update your settings in the generated config/security.php configuration file.

Configuration

Add the middleware to the 'web' middleware group in App\Http\Kernel.php

protected $middlewareGroups = [
    'web' => [
        //...
        \TheRobFonz\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,

Nonces

Every inline script tag needs to include the @nonce blade directive in the opening tag.

<script @nonce>

Links