From cafdfcc189911c5970ac5e3f8dd70ae323d52c69 Mon Sep 17 00:00:00 2001 From: Steve McDougall Date: Mon, 15 May 2023 10:01:29 +0100 Subject: [PATCH] Removing depreciated XSSMode middleware and cleanup test config --- README.md | 2 - config/headers.php | 2 - src/Http/Middleware/XSSMode.php | 27 -------------- src/Providers/PackageServiceProvider.php | 2 +- tests/Http/Middleware/XSSModeTest.php | 22 ----------- tests/PackageTestCase.php | 47 +++++++++--------------- 6 files changed, 19 insertions(+), 83 deletions(-) delete mode 100644 src/Http/Middleware/XSSMode.php delete mode 100644 tests/Http/Middleware/XSSModeTest.php diff --git a/README.md b/README.md index 4c2d684..c13940b 100644 --- a/README.md +++ b/README.md @@ -70,8 +70,6 @@ return [ 'referrer-policy' => 'no-referrer-when-downgrade', - 'xss-mode' => '1; mode=block', - 'strict-transport-security' => 'max-age=31536000; includeSubDomains', 'certificate-transparency' => 'enforce, max-age=30', diff --git a/config/headers.php b/config/headers.php index 7715726..f6a5a69 100644 --- a/config/headers.php +++ b/config/headers.php @@ -12,8 +12,6 @@ 'referrer-policy' => 'no-referrer-when-downgrade', - 'xss-mode' => '1; mode=block', - 'strict-transport-security' => 'max-age=31536000; includeSubDomains', 'certificate-transparency' => 'enforce, max-age=30', diff --git a/src/Http/Middleware/XSSMode.php b/src/Http/Middleware/XSSMode.php deleted file mode 100644 index a2759a3..0000000 --- a/src/Http/Middleware/XSSMode.php +++ /dev/null @@ -1,27 +0,0 @@ -headers->set( - key: 'X-XSS-Protection', - values: strval(config('headers.xss-mode')), - ); - - return $response; - } -} diff --git a/src/Providers/PackageServiceProvider.php b/src/Providers/PackageServiceProvider.php index 8d5376b..f381073 100644 --- a/src/Providers/PackageServiceProvider.php +++ b/src/Providers/PackageServiceProvider.php 
@@ -11,7 +11,7 @@ final class PackageServiceProvider extends ServiceProvider
 public function boot(): void
 {
 $this->publishes([
- __DIR__ . '/../../config/headers.php' => config_path('headers.php'),
+ __DIR__.'/../../config/headers.php' => config_path('headers.php'),
 ], 'security-headers');
 }
 }
diff --git a/tests/Http/Middleware/XSSModeTest.php b/tests/Http/Middleware/XSSModeTest.php
deleted file mode 100644
index 21b4846..0000000
--- a/tests/Http/Middleware/XSSModeTest.php
+++ /dev/null
@@ -1,22 +0,0 @@
-handle(
- request: Request::create(
- uri: '/',
- ),
- next: fn () => new Response(),
- );
-
- expect(
- $response->headers->get('X-XSS-Protection'),
- )->toEqual('1; mode=block');
-});
diff --git a/tests/PackageTestCase.php b/tests/PackageTestCase.php
index 8d657df..a9f2318 100644
--- a/tests/PackageTestCase.php
+++ b/tests/PackageTestCase.php
@@ -24,36 +24,25 @@ protected function getPackageProviders($app): array
 protected function defineEnvironment($app): void
 {
- tap($app->make('config'), function (Repository $config): void {
- $config->set('headers.remove', [
- 'X-Powered-By',
- 'Server',
- ]);
+ tap($app->make('config'), static function (Repository $config): void {
+ $config->set('headers', [
+ 'remove' => [
+ 'X-Powered-By',
+ 'x-powered-by',
+ 'Server',
+ 'server',
+ ],
+
+ 'referrer-policy' => 'no-referrer-when-downgrade',
+
+ 'strict-transport-security' => 'max-age=31536000; includeSubDomains',
- $config->set(
- 'headers.referrer-policy',
- 'no-referrer-when-downgrade',
- );
- $config->set(
- 'headers.xss-mode',
- '1; mode=block',
- );
- $config->set(
- 'headers.strict-transport-security',
- 'max-age=31536000; includeSubDomains',
- );
- $config->set(
- 'headers.certificate-transparency',
- 'enforce, max-age=30',
- );
- $config->set(
- 'headers.permissions-policy',
- 'autoplay=(self), camera=(), encrypted-media=(self), fullscreen=(), geolocation=(self), gyroscope=(self), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(self), usb=()'
- );
- $config->set(
- 'headers.content-type-options',
- 'nosniff',
- );
+ 'certificate-transparency' => 'enforce, max-age=30',
+
+ 'permissions-policy' => 'autoplay=(self), camera=(), encrypted-media=(self), fullscreen=(), geolocation=(self), gyroscope=(self), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(self), usb=()',
+
+ 'content-type-options' => 'nosniff',
+ ]);
 });
 }
 }
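Review bot: The new `'remove'` list in `defineEnvironment` carries each header name twice, once in canonical case and once lowercased (`'X-Powered-By'`/`'x-powered-by'`, `'Server'`/`'server'`), and nothing in the hunk says why. HTTP header names are case-insensitive and Symfony's `HeaderBag` lowercases keys on `remove()`, so if the package's remove middleware goes through `$response->headers->remove()` the lowercase entries are redundant, whereas if it matches names literally (not visible here) the fixture now silently depends on that. Either drop the duplicates or put a comment above the list such as `// both casings listed deliberately: the remove middleware compares header names literally`, adjusted to whatever the middleware actually does. Separately, replacing the per-key `$config->set('headers.*', ...)` calls with a single `$config->set('headers', [...])` overwrites the whole `headers` array, so any key that `config/headers.php` gains later is absent under test until this fixture is updated too; a one-line comment stating that this array must mirror the published config would make that maintenance duty explicit.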