add same security headers

Question

add same security headers

vahidalvandi opened this issue 4 years ago · comments

vahid alvandi commented 4 years ago

in this package have same security i add all in this middlware

https://github.com/getspooky/Laravel-Mitnick/tree/master/src/Security

`<?php

namespace webine\base\http\middleware;

use Closure;
use Illuminate\Http\Request;

class security_headers
{
public function handle(Request $request, Closure $next)
{

    $response = $next($request);

    //add from https://github.com/getspooky/Laravel-Mitnick/tree/master/src/Security

    $response->header('X-Frame-Options', 'deny');
    $response->header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0, s-maxage=0');
    $response->header('X-DNS-Prefetch-Control', 'off');
    $response->header('Strict-Transport-Security', 'max-age=5184000,preload');
    $response->header('X-Content-Type-Options', 'nosniff');
    header_remove("X-Powered-By");


    return $response;

}

}
`

Denis Dulici · Answer 1 · Wed Sep 09 2020 21:01:57 GMT+0800 (China Standard Time)

Feel free to send a PR.