src/app/Http/Middleware/ContentSecurityPolicy.php
Show All 15 Lines | class ContentSecurityPolicy | ||||
*/ | */ | ||||
public function handle($request, Closure $next) | public function handle($request, Closure $next) | ||||
{ | { | ||||
$headers = [ | $headers = [ | ||||
'csp' => 'Content-Security-Policy', | 'csp' => 'Content-Security-Policy', | ||||
'xfo' => 'X-Frame-Options', | 'xfo' => 'X-Frame-Options', | ||||
]; | ]; | ||||
//Exclude horizon routes, per https://github.com/laravel/horizon/issues/576 | |||||
if ($request->is('horizon*')) { | |||||
$headers = []; | |||||
} | |||||
$next = $next($request); | $next = $next($request); | ||||
foreach ($headers as $opt => $header) { | foreach ($headers as $opt => $header) { | ||||
if ($value = \config("app.headers.{$opt}")) { | if ($value = \config("app.headers.{$opt}")) { | ||||
$next->headers->set($header, $value); | $next->headers->set($header, $value); | ||||
} | } | ||||
} | } | ||||
return $next; | return $next; | ||||
} | } | ||||
} | } |
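Review bot: The Horizon exclusion clears the whole `$headers` map, so matching responses lose X-Frame-Options as well as Content-Security-Policy, and the pattern `horizon*` also matches any unrelated path that merely begins with "horizon". This applies only if the four-line block is on the new side, which this rendering does not mark. The linked issue presumably concerns CSP alone, so the narrower form would be `if ($request->is('horizon', 'horizon/*')) {` with `unset($headers['csp']);` in the body, which keeps framing protection on the dashboard. A short comment above the block naming which header breaks Horizon, and why X-Frame-Options is or is not affected, would keep the exception from being widened later.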