amreljako/laravel-secure-headers

Latest stable version: v1.0.0

Composer install command:

composer require amreljako/laravel-secure-headers

Package description

Laravel package to add essential HTTP Security Headers.

README

A lightweight Laravel package that automatically adds essential HTTP Security Headers to enhance your application's security and performance.

Installation

Require the package via Composer:

composer require amreljako/laravel-secure-headers

Publish Config

Publish the configuration file to your application:

php artisan vendor:publish --provider="Amreljako\SecureHeaders\SecureHeadersServiceProvider" --tag=config

This will create the following file in your project:

config/secure-headers.php

Usage

Register the middleware in app/Http/Kernel.php:

protected $middleware = [
    \Amreljako\SecureHeaders\Middleware\SecureHeadersMiddleware::class,
];

Once registered, the middleware will automatically apply security headers to all HTTP responses.

Configuration

You can customize the headers in config/secure-headers.php:

return [
    'X-Frame-Options' => 'DENY',
    'X-Content-Type-Options' => 'nosniff',
    'X-XSS-Protection' => '1; mode=block',
    'Referrer-Policy' => 'no-referrer-when-downgrade',
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
    'Content-Security-Policy' => "default-src 'self'; img-src 'self' https://trusted-cdn.com; script-src 'self' https://apis.google.com",
];

Example Response Headers

After installation, each Laravel response will include headers such as:

X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'
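
To confirm that a response really carries the configured values, the configuration array can be compared with a captured header block. The script below is an added example, not part of the package; the helper names parseHeaderBlock() and auditSecureHeaders() are hypothetical, and the sample input is the header block listed above. On that sample it reports the Content-Security-Policy line, which the listing abbreviates relative to the configuration.

```php
<?php
// Added example; not code from amreljako/laravel-secure-headers. Helper names are hypothetical.
// Parse "Name: value" lines into a lowercase-name => list-of-values map.
function parseHeaderBlock(string $raw): array
{
    $headers = [];
    // Lines without a colon (status line, blank lines) never match.
    preg_match_all('/^([^:\r\n]+):[ \t]*(.*?)[ \t]*\r?$/m', $raw, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        $headers[strtolower(trim($m[1]))][] = $m[2];
    }
    return $headers;
}

// Returns a list of findings; an empty list means the response matches $expected.
function auditSecureHeaders(array $expected, string $rawHeaders): array
{
    $actual = parseHeaderBlock($rawHeaders);
    $findings = [];
    foreach ($expected as $name => $value) {
        $seen = $actual[strtolower($name)] ?? [];
        if ($seen === []) {
            $findings[] = "missing: $name";
        } elseif (count($seen) > 1) { // e.g. web server and middleware both set it
            $findings[] = "duplicate: $name sent " . count($seen) . " times";
        } elseif ($seen[0] !== $value) {
            $findings[] = "mismatch: $name is \"{$seen[0]}\", expected \"$value\"";
        }
    }
    return $findings;
}

// Expected values: the config/secure-headers.php array from the Configuration section.
$expected = [
    'X-Frame-Options' => 'DENY',
    'X-Content-Type-Options' => 'nosniff',
    'X-XSS-Protection' => '1; mode=block',
    'Referrer-Policy' => 'no-referrer-when-downgrade',
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
    'Content-Security-Policy' => "default-src 'self'; img-src 'self' https://trusted-cdn.com; script-src 'self' https://apis.google.com",
];
// Constructed sample input: the header block from Example Response Headers.
$response = <<<'TXT'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'
TXT;
echo implode(PHP_EOL, auditSecureHeaders($expected, $response)), PHP_EOL;
```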

Why Use Security Headers?

  • X-Frame-Options → Prevents clickjacking attacks
  • X-Content-Type-Options → Blocks MIME type sniffing
  • X-XSS-Protection → Adds basic browser XSS protection (legacy)
  • Referrer-Policy → Controls what referrer information is sent with requests
  • Strict-Transport-Security (HSTS) → Enforces secure HTTPS connections
  • Content-Security-Policy (CSP) → Strong protection against XSS and data injection attacks

License

This package is open-sourced software licensed under the MIT license.

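Statistics

  • Total downloads: 0
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 1
  • Clicks: 1
  • Dependent projects: 0
  • Recommendations: 0

GitHub information

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Last updated: 2025-09-15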