Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/getspooky/laravel-mitnick
laravel-security helps you secure your Laravel apps by setting various HTTP headers.
- Host: GitHub
- URL: https://github.com/getspooky/laravel-mitnick
- Owner: getspooky
- License: mit
- Created: 2019-07-05T11:46:13.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-05-19T09:40:29.000Z (over 3 years ago)
- Last Synced: 2024-04-13T21:35:13.433Z (7 months ago)
- Topics: composer, headers, http-headers, laravel, laravel-apps, middleware, php, security
- Language: PHP
- Homepage: https://getspooky.github.io/laravel-mitnick/
- Size: 58.6 KB
- Stars: 79
- Watchers: 7
- Forks: 12
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README
# Laravel-Mitnick
![Packagist Downloads](https://img.shields.io/packagist/dt/mitnick/laravel-security?style=for-the-badge)
![GitHub repo size](https://img.shields.io/github/repo-size/getspooky/Laravel-Mitnick?style=for-the-badge)
![GitHub](https://img.shields.io/github/license/getspooky/Laravel-Mitnick?style=for-the-badge)

Laravel-Mitnick helps you secure your Laravel apps by setting various HTTP headers. It's not a silver bullet, but it can help!
## Quick start
First, install the package via Composer:
```sh
composer require mitnick/laravel-security
```

If you would like to assign middleware to specific routes, you should first assign the middleware a key in your `app/Http/Kernel.php` file. By default, the `$routeMiddleware` property of this class contains entries for the middleware included with Laravel:
```php
// Within App\Http\Kernel Class...
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    // Laravel-Mitnick cache middleware, registered under the key 'no-cache'
    'no-cache' => \Mitnick\Laravel\Security\cache::class
];
```

## Documentation
For installation instructions, in-depth usage and deployment details, please take a look at the official [documentation](https://getspooky.github.io/Laravel-Mitnick/).
## Requirements
Laravel-Mitnick has a few requirements you should be aware of before installing:
* Composer
* Laravel Framework 5.4+

## Solved: Security vulnerability
Laravel-Mitnick is a collection of 9 smaller middleware functions that set HTTP response headers.

| Vulnerability | Middleware Class | Included |
| ------- | --- | --- |
| Cache Control Attack | Mitnick\Laravel\Security\cache::class | ✔ |
| Cross-Origin Resource Sharing (CORS) | Mitnick\Laravel\Security\cors::class | ✔ |
| X-Permitted-Cross-Domain-Policies | Mitnick\Laravel\Security\crossDomain::class | ✔ |
| DNS Prefetch Control | Mitnick\Laravel\Security\dns::class | ✔ |
| Click Jacking Attack | Mitnick\Laravel\Security\frameGuard::class | ✔ |
| Strict-Transport-Security | Mitnick\Laravel\Security\hsts::class | ✔ |
| Mime Sniffing Attack | Mitnick\Laravel\Security\noSniff::class | ✔ |
| X-Powered-By Attack | Mitnick\Laravel\Security\xPoweredBy::class | ✔ |
| XSS Attack | Mitnick\Laravel\Security\xss::class | ✔ |

## Contributing
Whether you're helping us fix bugs, improve the docs, or spread the word, we'd love to have you as part of the `Laravel-Mitnick` community! See CONTRIBUTING.md for more information on what we're looking for and how to get started.
## License
The Laravel-Mitnick package is open-source software licensed under the [MIT license](https://opensource.org/licenses/MIT).