authorIgor Scheller <igor.scheller@igorshp.de>2018-10-27 11:11:37 +0100
committermsquare <msquare@notrademark.de>2018-11-21 19:24:36 +0100
commitfd37c9d60ea818dc9a562fa88ff5f9a50132506f (patch)
tree39bc7af1141f10603164b350b9588188ccc04b4e /config
parent23c0fae36fb8159bcf8b95bae98555201146457e (diff)
Added additional headers
Diffstat (limited to 'config')
-rw-r--r--config/app.php1
-rw-r--r--config/config.default.php13
2 files changed, 14 insertions, 0 deletions
diff --git a/config/app.php b/config/app.php
index 77b1e874..7ba3509e 100644
--- a/config/app.php
+++ b/config/app.php
@@ -37,6 +37,7 @@ return [
// Changes of request/response parameters
\Engelsystem\Middleware\SetLocale::class,
+ \Engelsystem\Middleware\AddHeaders::class,
// The application code
\Engelsystem\Middleware\ErrorHandler::class,
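Review bot: The position of `AddHeaders` in this list decides which responses carry the new headers, and nothing in the hunk documents that. If the dispatcher runs the list outermost-first (not visible here), any middleware registered above line 37 that returns a response itself, for example an exception handler, would bypass `AddHeaders`, and its pages would go out without `X-Frame-Options` or the CSP. The array starts outside this hunk, so this needs checking against the entries above. If the ordering is intentional, a comment such as `// Wraps the application code; responses produced by earlier middleware do not get these headers` would make the limit explicit.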
diff --git a/config/config.default.php b/config/config.default.php
index 879aa836..4ba6cdc1 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -150,4 +150,17 @@ return [
// IP addresses of reverse proxies that are trusted, can be an array or a comma separated list
'trusted_proxies' => env('TRUSTED_PROXIES', ['127.0.0.0/8', '::ffff:127.0.0.0/8', '::1/128']),
+
+ // Add additional headers
+ 'add_headers' => (bool)env('ADD_HEADERS', true),
+ 'headers' => [
+ 'X-Content-Type-Options' => 'nosniff',
+ 'X-Frame-Options' => 'sameorigin',
+ 'Referrer-Policy' => 'strict-origin-when-cross-origin',
+ 'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'',
+ 'X-XSS-Protection' => '1; mode=block',
+ 'Feature-Policy' => 'autoplay \'none\'',
+ //'Strict-Transport-Security' => 'max-age=7776000',
+ //'Expect-CT' => 'max-age=7776000,enforce,report-uri="[uri]"',
+ ],
];
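Review bot: The default `Content-Security-Policy` value allows `'unsafe-inline'` and `'unsafe-eval'` in `default-src`, so it does not stop injected inline script and mostly just restricts where resources may be loaded from. `default-src` is also not a fallback for `base-uri` or `form-action`, which stay unrestricted under this policy. If the application still depends on inline script (not visible in this hunk), I would say so next to the entry, e.g. `// 'unsafe-inline'/'unsafe-eval' kept for existing inline scripts; move to a script-src without them when possible`, and consider appending `; base-uri \'self\'` to the value. Separately, `(bool)env('ADD_HEADERS', true)` is true for the string `'false'` if `env()` returns raw strings, so `ADD_HEADERS=false` may not switch the headers off; `filter_var(env('ADD_HEADERS', true), FILTER_VALIDATE_BOOLEAN)` would handle that case.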