Provides support for enforcing Content Security Policy and XSS protection through headers on Laravel 4 responses.
Note: based on the references Content Security Policy, Improving Web Security with the Content Security Policy, and HTTP headers.
- Add rules for Content Security Policy (content-security-policy, x-content-security-policy, x-webkit-csp)
- Optionally save reports of policy violations to the storage/logs/content-security-policy-report folder
- Add additional headers such as x-xss-protection, x-frame-options, x-content-type-options
Require this package with composer:
composer require paramonovav/laravel4-header-csp
After updating composer, add the ServiceProvider to the providers array in app/config/app.php:
'Paramonovav\Laravel4HeaderCsp\Laravel4HeaderCspServiceProvider',
Then publish the config from this package:
php artisan config:publish paramonovav/laravel4-header-csp
The following will apply all default profiles to the login route.
// The 'response.secure' after-filter adds the CSP and related headers to the response.
Route::get('login', array('after' => 'response.secure', function()
{
    return 'Hello, on login page !';
}));
The following will apply all default profiles and a specific google profile to the login route.
// Filter parameters follow the colon; here a single profile name is passed.
Route::get('login', array('after' => 'response.secure:google', function()
{
    return 'Hello, on login page !';
}));
You can include any number of specific profiles. The following will apply the default, google, flickr, and my_custom profiles to the login route.
// Multiple profile names are separated by hyphens in the filter parameter.
Route::get('login', array('after' => 'response.secure:google-flickr-my_custom', function()
{
    return 'Hello, on login page !';
}));
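As an added illustration (not the package's own code), here is how a filter parameter such as google-flickr-my_custom could be split into profile names, merged on top of the default profile, and serialised into a Content-Security-Policy header value. The profile arrays and function names are constructed for this example, since the page does not show the package's config format.

```php
<?php
// Constructed example: profile definitions keyed by name, each mapping a CSP
// directive to its list of allowed sources. The package's real config format
// is not shown on the page, so this layout is an assumption.
$profiles = array(
    'default' => array(
        'default-src' => array("'self'"),
        'script-src'  => array("'self'"),
        'report-uri'  => array('/csp-report'),
    ),
    'google' => array(
        'script-src' => array('https://apis.google.com'),
        'img-src'    => array('https://*.googleusercontent.com'),
    ),
);

// Turn "google-flickr-my_custom" into array('google', 'flickr', 'my_custom').
function parseProfileParam($param)
{
    return array_values(array_filter(explode('-', (string) $param), 'strlen'));
}

// Merge the default profile with the requested ones, directive by directive,
// keeping sources unique so the header does not repeat entries.
function mergeProfiles(array $profiles, array $names)
{
    $merged = isset($profiles['default']) ? $profiles['default'] : array();
    foreach ($names as $name) {
        if (!isset($profiles[$name])) { continue; } // unknown profile: skip it
        foreach ($profiles[$name] as $directive => $sources) {
            $existing = isset($merged[$directive]) ? $merged[$directive] : array();
            $merged[$directive] = array_values(array_unique(array_merge($existing, $sources)));
        }
    }
    return $merged;
}

// Serialise to "default-src 'self'; script-src 'self' https://apis.google.com; ..."
function buildCspHeader(array $policy)
{
    $parts = array();
    foreach ($policy as $directive => $sources) {
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// "flickr" is not defined above, so only default + google contribute here.
$policy = mergeProfiles($profiles, parseProfileParam('google-flickr'));
header('Content-Security-Policy: ' . buildCspHeader($policy));
```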