bepsvpt commented on June 15, 2024

Did you add Illuminate\Http\Middleware\FrameGuard.php to your app/Http/Kernel.php?

I couldn't find anywhere that Laravel adds this middleware to middlewares.

johnboc commented on June 15, 2024

No. I've searched all php files in the Laravel project for 'X-Frame-Options' with these results:
\config\secure-headers.php

\vendor\bepsvpt\secure-headers\config\secure-headers.php

\vendor\bepsvpt\secure-headers\src\SecureHeaders.php
'X-Frame-Options' => $this->config['x-frame-options'],
'X-Frame-Options' => $this->config['x-frame-options'],

\vendor\bepsvpt\secure-headers\tests\MiddlewareTest.php
$this->assertArrayHasKey('x-frame-options', $headers);

\vendor\bepsvpt\secure-headers\tests\SecureHeadersTest.php
$this->assertArrayHasKey('X-Frame-Options', $headers);

\vendor\laravel\framework\src\Illuminate\Http\Middleware\FrameGuard.php
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);

FrameGuard is referenced in the following files only:
\vendor\composer\autoload_classmap.php
'Illuminate\Http\Middleware\FrameGuard' => $vendorDir . '/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',
'Illuminate\Http\Middleware\FrameGuard' => $vendorDir . '/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',

\vendor\composer\autoload_static.php
'Illuminate\Http\Middleware\FrameGuard' => __DIR__ . '/..' . '/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',
'Illuminate\Http\Middleware\FrameGuard' => __DIR__ . '/..' . '/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',

\vendor\laravel\framework\src\Illuminate\Http\Middleware\FrameGuard.php
class FrameGuard

The headers generated by Laravel are listed after those by secure-headers in the securityheaders.io report.

bepsvpt commented on June 15, 2024

Did you set these two headers in the web server config file, like nginx or apache?

johnboc commented on June 15, 2024

Why didn't I think of that!!!! A colleague set up the nginx server so a left hand right hand problem.
Thank you

bepsvpt commented on June 15, 2024

FYI, if you want to disable these two headers, just set them to null or an empty string.

bepsvpt commented on June 15, 2024

If you have any further questions, feel free to open a new issue or reply in this issue. 😄
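
A check for the situation this thread resolved, where the web server and the application both emit the same header: the function below lists every header that appears more than once in a response and whether the copies disagree. It is an added example, not part of the thread or of the secure-headers project; the function names and the sample response are constructed for illustration.

```shell
# dup_headers: read raw HTTP response headers on stdin and report every
# header name that occurs more than once (names compared case-insensitively).
# Set-Cookie is skipped because it is legitimately repeated.
# Typical use against a live site:  curl -sI https://your-site.example/ | dup_headers
dup_headers() {
  awk '
    { sub(/\r$/, "") }                      # strip CR from CRLF line endings
    /^HTTP\// || /^$/ { next }              # skip status line and blank separator
    {
      i = index($0, ":")
      if (i == 0) next
      name = tolower(substr($0, 1, i - 1))
      val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)      # trim surrounding whitespace
      if (name == "set-cookie") next
      if (++count[name] == 1) { first[name] = val; all[name] = val }
      else {
        all[name] = all[name] " | " val
        if (tolower(val) != tolower(first[name])) differ[name] = 1
      }
    }
    END {
      for (n in count)
        if (count[n] > 1)
          printf "%s count=%d %s values=%s\n", n, count[n], ((n in differ) ? "conflict" : "same"), all[n]
    }
  ' | sort
}

# Constructed sample: a response where one layer (for example the application
# middleware) and another (for example the web server config) both set headers.
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Server: nginx\r\n'
  printf 'Content-Type: text/html; charset=UTF-8\r\n'
  printf 'X-Frame-Options: DENY\r\n'
  printf 'X-Content-Type-Options: nosniff\r\n'
  printf 'Set-Cookie: a=1\r\n'
  printf 'Set-Cookie: b=2\r\n'
  printf 'x-frame-options: SAMEORIGIN\r\n'
  printf 'X-Content-Type-Options: nosniff\r\n'
  printf '\r\n'
}
```

A header reported here that the application's own code sets only once points to another layer, such as the web server or a proxy, adding the second copy.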
