Changeset View
Changeset View
Standalone View
Standalone View
src/app/Http/Middleware/ContentSecurityPolicy.php
| Show All 15 Lines | class ContentSecurityPolicy | ||||
| */ | */ | ||||
| public function handle($request, Closure $next) | public function handle($request, Closure $next) | ||||
| { | { | ||||
| $headers = [ | $headers = [ | ||||
| 'csp' => 'Content-Security-Policy', | 'csp' => 'Content-Security-Policy', | ||||
| 'xfo' => 'X-Frame-Options', | 'xfo' => 'X-Frame-Options', | ||||
| ]; | ]; | ||||
| //Exclude horizon routes, per https://github.com/laravel/horizon/issues/576 | |||||
| if ($request->is('horizon*')) { | |||||
| $headers = []; | |||||
| } | |||||
| $next = $next($request); | $next = $next($request); | ||||
| foreach ($headers as $opt => $header) { | foreach ($headers as $opt => $header) { | ||||
| if ($value = \config("app.headers.{$opt}")) { | if ($value = \config("app.headers.{$opt}")) { | ||||
| $next->headers->set($header, $value); | $next->headers->set($header, $value); | ||||
| } | } | ||||
| } | } | ||||
| return $next; | return $next; | ||||
| } | } | ||||
| } | } | ||||