Skip to content

area17/twill-security-headers

Repository files navigation

Security Headers Twill Capsule

This Twill Capsule is intended to enable developers add Security Headers configuration to applications, giving users a friendly dashboard to configure these headers:

Screenshots

CMS configuration

screenshot 1

screenshot 2

Mozilla Observatory security headers check

screenshot 2

Supported Headers

Unwanted headers

This capsule also has an option for removing any unwanted headers from the response. Update the config/twill-security-headers.php file to add any unwanted headers from the response:

'unwanted-headers' => ['X-Powered-By', 'server', 'Server'],

Installing

Supported Versions

Composer will manage this automatically for you, but these are the supported versions between Twill and this package.

Twill Version HTTP Basic Auth Capsule
3.x 2.x
2.x 1.x

Require the Composer package:

composer require area17/twill-security-headers

Publish the configuration

php artisan vendor:publish --provider="A17\TwillSecurityHeaders\ServiceProvider"

Usage

It's pretty straightforward, once installed you will have access to the menu option Twill Security Headers, which is a single page having all the supported headers that you can enable, disable and edit the properties to sent with the response.

CSP config

Creating CSP policies usually takes time and it's hard to write them manually. You can make use if Report URI, a great tool that allows you to paste your current policy, edit and generate a new string to be pasted on the package.

Disabling

This package is enabled and injects itself automatically. To disable it you just need to add to .env:

TWILL_SECURITY_HEADERS_ENABLED=false

Contribute

Please contribute to this project by submitting pull requests.

About

A Twill Capsule to add and handle Security Headers

Resources

License

Security policy

Stars

Watchers

Forks

Sponsor this project

Packages

No packages published