Comments (8)
bepsvpt
commented on May 21, 2024
Hi @Masoud180 ,
I added
\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
to $middlewarePriority in Kernel.php
Is that right?
You need to add it to $middleware in app/Http/Kernel.php file. $middlewarePriority is used to specific the order when middlewares are assigned to the route.
And what should I write in secure-headers.php?
Use HTTP Strict Transport Security for example, if you want to enable HTTP Strict Transport Security, you can change enable value from false to true at here.
Each section has reference link in comment block(example), you can check that link for further information. Some headers will broke the page when they are configured incorrectly. Thus, I will sugguest you check out the reference link before setting it up.
And how can I be sure that I configured it in the right way?
You can use php artisan serve to start PHP development server and open browser developer tools to check whether the response header is configured correctly or not.
from secure-headers.
Masoud180
commented on May 21, 2024
Thank you so much.
from secure-headers.
bepsvpt
commented on May 21, 2024
If you have any other questions, feel free to comment on this issue.
from secure-headers.
Masoud180
commented on May 21, 2024
Thanks
While I was checking that, I came up with a question.
In secure-headers.php, server parameter is null ('') but I can see my real server details in http header and it doesn't change it.
And also x-xss-protection doesn't exist on header response!
What should I do to apply them?
from secure-headers.
bepsvpt
commented on May 21, 2024
In secure-headers.php, server parameter is null ('') but I can see my real server details in http header and it doesn't change it.
When server is empty string, it will not add to response header(#1). If you want to change this header, you should assign a value to it.
And also x-xss-protection doesn't exist on header response!
Could you provide more information about this problem?
from secure-headers.
Masoud180
commented on May 21, 2024
Thanks
x-xss-protection is fixed. but server is still displaying real details.
I set this to another string but still not working.
from secure-headers.
bepsvpt
commented on May 21, 2024
Not all web server services support setting server header. This header only tested on Laravel Homestead and Nginx. Sorry for not mention this on config file comment.
from secure-headers.
Masoud180
commented on May 21, 2024
Thank you so much.
from secure-headers.
Related Issues (20)
- Support for Reporting API and NEL header HOT 2
- X-Powered-By header name
- Rename Feature-Policy header to Permissions-Policy HOT 8
- Incorrect option header name HOT 1
- Error 500 in Laravel HOT 3
- After setup for laravel, Content-Security-Policy header is not generated HOT 6
- X-Powered-By keep showing when I leave it empty in config file HOT 4
- Support SharedArrayBuffer updates in Chrome around May 2021 HOT 1
- undefined index: x-content-type-options HOT 2
- Add CSP Report To HOT 2
- Add route whitelist HOT 1
- Laravel 9 Support HOT 4
- redirected to file's directory while validation Laravel HOT 1
- Unable to set multiple values to the frame-ancestors directive of the content-security-policy header HOT 2
- jquery.min.js HOT 1
- securityheaders.com still show Big red F HOT 6
- Eliminate Laravel dependency for non-Laravel users HOT 2
- Laravel Horizon not loading UI HOT 2
- How can I apply the following in the "Content-Security-Policy" ? HOT 6
- Some value does not appear on the HTTP request HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secure-headers.