Secure Headers for Laravel
Presenting laravel-secureheaders, a Secure Headers wrapper for the Laravel framework
Aidan’s package aims to harden the security around HTTP headers, and with the following tiny bit of code:

    $headers = new SecureHeaders();
    $headers->apply();

it can take a standard Laravel install from grade F to grade B on SecurityHeaders.io, which is amazing.
With a little bit of configuration around Content Security Policy you can get a grade A. Here’s a brand new Laravel install where I have only required the package, added the service provider and registered the middleware:
And here’s the grade A on SecurityHeaders.io:
I’m still working on an issue with Cookies and the Symfony Response which the Laravel Responses are based on, but I’m confident this should bump up that grade even more.
Please feel free to give it a try and let me know any feedback. Also bear in mind that this will unfortunately only be for Laravel 5.4+ projects due to the underlying version of symfony/http-foundation which the various Laravel framework versions require.