DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Consolidated ReferrerPolicy into new SecurityHeaders file

Browse source
This commit is contained in:
snipe 2020-06-22 22:35:59 -07:00
parent a716382ac4
commit 43042ad841
No known key found for this signature in database
GPG key ID: 10BFFDA3ED34B5AC
2 changed files with 1 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
app/Http/Middleware/ReferrerPolicyHeader.php
View file

@ -1,21 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
class ReferrerPolicyHeader
{
/**
* Handle the given request and get the response.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return \Illuminate\Http\Response
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$response->headers->set('Referrer-Policy', config('app.referrer_policy'));
return $response;
}
}

2
app/Http/Middleware/SecurityHeaders.php
View file

@ -26,7 +26,7 @@ class SecurityHeaders
{ {
$this->removeUnwantedHeaders($this->unwantedHeaderList); $this->removeUnwantedHeaders($this->unwantedHeaderList);
$response = $next($request); $response = $next($request);
$response->headers->set('Referrer-Policy', 'no-referrer-when-downgrade'); $response->headers->set('Referrer-Policy', config('app.referrer_policy'));
$response->headers->set('X-Content-Type-Options', 'nosniff'); $response->headers->set('X-Content-Type-Options', 'nosniff');
$response->headers->set('X-XSS-Protection', '1; mode=block'); $response->headers->set('X-XSS-Protection', '1; mode=block');
$response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'); $response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');