Changeset View
Changeset View
Standalone View
Standalone View
src/app/Http/Middleware/ContentSecurityPolicy.php
- This file was added.
<?php | |||||
namespace App\Http\Middleware; | |||||
use Closure; | |||||
class ContentSecurityPolicy | |||||
{ | |||||
/** | |||||
* Handle an incoming request. | |||||
* | |||||
* @param \Illuminate\Http\Request $request | |||||
* @param \Closure $next | |||||
* | |||||
* @return mixed | |||||
*/ | |||||
public function handle($request, Closure $next) | |||||
{ | |||||
$headers = [ | |||||
'csp' => 'Content-Security-Policy', | |||||
'xfo' => 'X-Frame-Options', | |||||
]; | |||||
$next = $next($request); | |||||
foreach ($headers as $opt => $header) { | |||||
if ($value = \config("app.headers.{$opt}")) { | |||||
$next->header($header, $value); | |||||
} | |||||
} | |||||
return $next; | |||||
} | |||||
} |