DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-11 08:04:09 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Merge branch 'develop'

Browse source
This commit is contained in:
snipe 2017-09-28 17:17:03 -07:00
parent 8e682c715e 26a7701cda
commit df4700b411
5 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.env.example
View file

@ -63,6 +63,7 @@ ENCRYPT=false
COOKIE_NAME=snipeit_session COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null COOKIE_DOMAIN=null
SECURE_COOKIES=false SECURE_COOKIES=false
REFERRER_POLICY=strict-origin
# -------------------------------------------- # --------------------------------------------

1
app/Http/Kernel.php
View file

@ -19,6 +19,7 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\FrameGuard::class, \App\Http\Middleware\FrameGuard::class,
\App\Http\Middleware\XssProtectHeader::class, \App\Http\Middleware\XssProtectHeader::class,
\App\Http\Middleware\ReferrerPolicyHeader::class,
\App\Http\Middleware\NosniffGuard::class, \App\Http\Middleware\NosniffGuard::class,
\App\Http\Middleware\CheckForSetup::class, \App\Http\Middleware\CheckForSetup::class,
\Fideloper\Proxy\TrustProxies::class, \Fideloper\Proxy\TrustProxies::class,

21
app/Http/Middleware/ReferrerPolicyHeader.php Normal file
View file

@ -0,0 +1,21 @@
<?php
namespace App\Http\Middleware;
use Closure;
class ReferrerPolicyHeader
{
/**
* Handle the given request and get the response.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return \Illuminate\Http\Response
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$response->headers->set('Referrer-Policy', config('app.referrer_policy'));
return $response;
}
}

3
app/Http/Middleware/XssProtectHeader.php
View file

@ -14,8 +14,9 @@ class XssProtectHeader
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
$mode = '1; mode=block';
$response = $next($request); $response = $next($request);
$response->headers->set('X-XSS-Protection', '1'); $response->headers->set('X-XSS-Protection', $mode);
return $response; return $response;
} }
} }

15
config/app.php
View file

@ -155,6 +155,21 @@ return [
'allow_iframing' => env('ALLOW_IFRAMING', false), 'allow_iframing' => env('ALLOW_IFRAMING', false),
/*
|--------------------------------------------------------------------------
| REFERRER-POLICY
|--------------------------------------------------------------------------
|
| This is an additional security header that browsers use to determine
| whether they should report back URL referrer information.
|
| Read more: https://www.w3.org/TR/referrer-policy/
|
*/
'referrer_policy' => env('REFERRER_POLICY', 'strict-origin'),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Demo Mode Lockdown | Demo Mode Lockdown