Class SecurityHeadersMiddleware
Handles common security headers in a convenient way
Property Summary
-
$headers protected
array
Security related headers to set
Method Summary
-
__invoke() public
Serve assets if the path matches one.
-
checkValues() protected
Convenience method to check if a value is in the list of allowed args
-
noOpen() public
X-Download-Options
-
noSniff() public
X-Content-Type-Options
-
setCrossDomainPolicy() public
X-Permitted-Cross-Domain-Policies
-
setReferrerPolicy() public
Referrer-Policy
-
setXFrameOptions() public
X-Frame-Options
-
setXssProtection() public
X-XSS-Protection
Method Detail
__invoke() ¶ public
__invoke(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response, callable $next): Psr\Http\Message\ResponseInterface
Serve assets if the path matches one.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request.
-
Psr\Http\Message\ResponseInterface
$response The response.
-
callable
$next Callback to invoke the next middleware.
Returns
Psr\Http\Message\ResponseInterface
checkValues() ¶ protected
checkValues(string $value, array $allowed): void
Convenience method to check if a value is in the list of allowed args
Parameters
-
string
$value Value to check
-
array
$allowed List of allowed values
Returns
void
Throws
InvalidArgumentException
Thrown when a value is invalid.
noOpen() ¶ public
noOpen(): $this
X-Download-Options
Sets the header value for it to 'noopen'
Returns
$this
Links
noSniff() ¶ public
noSniff(): $this
X-Content-Type-Options
Sets the header value for it to 'nosniff'
Returns
$this
Links
setCrossDomainPolicy() ¶ public
setCrossDomainPolicy(string $policy = 'all'): $this
X-Permitted-Cross-Domain-Policies
Parameters
-
string
$policy optional Policy value. Available Values: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename'
Returns
$this
Links
setReferrerPolicy() ¶ public
setReferrerPolicy(string $policy = 'same-origin'): $this
Referrer-Policy
Parameters
-
string
$policy optional Policy value. Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
Returns
$this
Links
setXFrameOptions() ¶ public
setXFrameOptions(string $option = 'sameorigin', string $url = null): $this
X-Frame-Options
Parameters
-
string
$option optional Option value. Available Values: 'deny', 'sameorigin', 'allow-from
' -
string
$url optional URL if mode is
allow-from
Returns
$this
Links
setXssProtection() ¶ public
setXssProtection(string $mode = 'block'): $this
X-XSS-Protection
Parameters
-
string
$mode optional Mode value. Available Values: '1', '0', 'block'
Returns
$this