SecurityHeadersMiddleware
Security headers middleware.
Adds standard security headers to all responses. These headers provide defense-in-depth against common web attacks (clickjacking, MIME sniffing, XSS, information leakage).
Headers set:
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy: restrictive defaults
- Strict-Transport-Security: max-age=31536000 (when HTTPS)
- X-Permitted-Cross-Domain-Policies: none
These supplement (but do not replace) nginx-level security headers. If the same header is set by nginx and this middleware, the nginx header takes precedence.
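One way to check that a deployed response carries the headers listed above, as an added example (not part of this project's code). The function name `audit_headers`, the sample `Permissions-Policy` value and the sample response are assumptions constructed for illustration.

```python
import re

# Expected values from the header list above. Permissions-Policy is documented
# only as "restrictive defaults", so only its presence is checked (None).
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "strict-origin-when-cross-origin",
    "x-permitted-cross-domain-policies": "none",
    "permissions-policy": None,
}
MIN_HSTS_MAX_AGE = 31536000  # value documented for HTTPS responses

# Constructed sample response headers (not captured from a real deployment).
GOOD_HTTPS = [
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Permissions-Policy", "camera=(), microphone=(), geolocation=()"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Permitted-Cross-Domain-Policies", "none"),
]

def audit_headers(raw_headers, https):
    """Return findings for one response given as (name, value) pairs; [] means OK."""
    seen = {}
    for name, value in raw_headers:  # header names are case-insensitive
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    for name, want in EXPECTED.items():
        values = seen.get(name)
        if not values:
            findings.append(f"missing: {name}")
        elif len(values) > 1:  # repeated header: more than one layer may set it
            findings.append(f"duplicate: {name} sent {len(values)} times")
        elif want is not None and values[0].lower() != want.lower():
            findings.append(f"unexpected value: {name}: {values[0]}")
    hsts = seen.get("strict-transport-security", [])
    if not https:
        if hsts:  # documented as set only when the request is HTTPS
            findings.append("strict-transport-security sent over plain HTTP")
    elif not hsts:
        findings.append("missing: strict-transport-security")
    else:
        m = re.search(r"(?:^|;)\s*max-age\s*=\s*\"?(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(f"weak or unparsable HSTS: {hsts[0]}")
    return findings
```

Feed it the header pairs exactly as the client received them, after nginx, so a header emitted by both layers shows up as a duplicate finding.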
Methods
handle()
public handle(Request $request, Closure $next) : mixed
Parameters
- $request : Request
- $next : Closure