This is a Laravel service provider for adding security header responses to your application.
The SecurityHeaders Service Provider can be installed via Composer by requiring the
therobfonz/laravel-security-headers
package in your project's composer.json
.
{
"require": {
"therobfonz/laravel-security-headers": "^3.0"
}
}
Packages are auto-discovered in Laravel 5.6+. Service Providers and Facades are defined in composer.json.
Publish the confirguration file using Artisan.
php artisan vendor:publish --provider="TheRobFonz\SecurityHeaders\SecurityHeadersServiceProvider"
Update your settings in the generated config/security.php
configuration file.
Add the middleware to the 'web' middleware group in App\Http\Kernel.php
protected $middlewareGroups = [
'web' => [
//...
\TheRobFonz\SecurityHeaders\Middleware\RespondWithSecurityHeaders::class,
Every inline script tag needs to include the @nonce
blade directive in the opening tag.
<script @nonce>