https://github.com/b13/hydra
Last synced: about 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/b13/hydra
- Owner: b13
- License: gpl-2.0
- Created: 2021-04-26T12:56:38.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-11-29T06:21:01.000Z (over 1 year ago)
- Last Synced: 2025-06-09T08:08:29.824Z (about 1 year ago)
- Language: PHP
- Size: 17.6 KB
- Stars: 3
- Watchers: 8
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Hydra. So many Head(er)s.
This extension allows to add response headers on a per site base without using TypoScript.
If you have only one set of response headers that you want your TYPO3 websites to send, it might be a good idea
to configure the headers directly in your webserver. However, there might be the requirement that different
sites inside the same TYPO3 system have to send different headers. In such a case, this extension provides the
functionality to configure response headers in the site configuration.
## Example
In the site config simply specify the headers:
```yaml
responseHeaders:
Content-Security-Policy: "default-src 'self';"
Referrer-Policy: "no-referrer-when-downgrade"
X-Content-Type-Options: "nosniff"
X-Xss-Protection: "1; mode=block"
Feature-Policy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'"
Permissions-Policy: "camera=(), geolocation=(), microphone=(), payment=()"
X-Frame-Options: "SAMEORIGIN"
```
To improve maintainability of header configuration with many parts like CSP or Feature-policy
each header can be configured as a list. The list items will be concatenated to one string when the header is added.
The above example could be rewritten like this:
```yaml
responseHeaders:
Content-Security-Policy: "default-src 'self';"
Referrer-Policy: "no-referrer-when-downgrade"
X-Content-Type-Options: "nosniff"
X-Xss-Protection: "1; mode=block"
Feature-Policy:
- "camera 'none';"
- "geolocation 'none';"
- "microphone 'none';"
- "payment 'none'"
Permissions-Policy:
- "camera=(),"
- "geolocation=(),"
- "microphone=(),"
- "payment=()"
X-Frame-Options: "SAMEORIGIN"
```
Those headers will be added via a middleware to responses only for the corresponding site.
## Sharing our expertise
[Find more TYPO3 extensions we have developed](https://b13.com/useful-typo3-extensions-from-b13-to-you) that help us deliver value in client projects. As part of the way we work, we focus on testing and best practices to ensure long-term performance, reliability, and results in all our code.