meta x xss protection laravel

Solutions on MaxInterview for meta x xss protection laravel by the best coders in the world

showing results for - "meta x xss protection laravel"
Fabio
08 Jul 2017
1<?php
2namespace App\Http\Middleware;
3use Closure;
4
5class SecureHeaders
6{
7    // Enumerate headers which you do not want in your application's responses.
8    // Great starting point would be to go check out @Scott_Helme's:
9    // https://securityheaders.com/
10    private $unwantedHeaderList = [
11        'X-Powered-By',
12        'Server',
13    ];
14    public function handle($request, Closure $next)
15    {
16        $this->removeUnwantedHeaders($this->unwantedHeaderList);
17        $response = $next($request);
18        $response->headers->set('Referrer-Policy', 'no-referrer-when-downgrade');
19        $response->headers->set('X-Content-Type-Options', 'nosniff');
20        $response->headers->set('X-XSS-Protection', '1; mode=block');
21        $response->headers->set('X-Frame-Options', 'DENY');
22        $response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
23        $response->headers->set('Content-Security-Policy', "style-src 'self'"); // Clearly, you will be more elaborate here.
24        return $response;
25    }
26    private function removeUnwantedHeaders($headerList)
27    {
28        foreach ($headerList as $header)
29            header_remove($header);
30    }
31}
32?>
33