How to Make Your Website Immune to Clickjacking in 1 Minute.
- composer create-project laravel/laravel testing
- php artisan make:middleware SecurityHeaders
- update the middleware:
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class SecurityHeaders
{
    public function handle(Request $request, Closure $next): Response
    {
        // Let the request run through the app first, then add the headers to the response
        $response = $next($request);
        // Refuse framing by any other origin: this is the clickjacking protection
        $response->headers->set('X-Frame-Options', 'SAMEORIGIN');
        $response->headers->set('X-XSS-Protection', '1; mode=block');
        $response->headers->set('X-Content-Type-Options', 'nosniff');
        $response->headers->set('Referrer-Policy', 'no-referrer-when-downgrade');
        $response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
        $response->headers->set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';");

        return $response;
    }
}
- also update bootstrap/app.php (add "use App\Http\Middleware\SecurityHeaders;" at the top of the file):
->withMiddleware(function (Middleware $middleware) {
    $middleware->append(SecurityHeaders::class);
})
- install cloudflared so the test runs over HTTPS (PowerShell):
Invoke-WebRequest -Uri "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.exe" -OutFile "cloudflared.exe"
- run the server (php artisan serve)
- open a tunnel to it:
.\cloudflared.exe tunnel --url http://127.0.0.1:8000
- get the random link printed when the cloudflared tunnel is running
- check your security headers here: https://securityheaders.com/
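To check locally what the middleware above actually buys you before pasting the tunnel link into securityheaders.com, here is an added Python example (not code from the original post). It applies the browser rule that a CSP frame-ancestors directive, when present, overrides X-Frame-Options, and shows that with this post's headers the clickjacking defence rests on X-Frame-Options alone, since the CSP sets no frame-ancestors; the origins are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: the two clickjacking-relevant headers exactly as the
# SecurityHeaders middleware in this post sets them.
POST_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; "
                               "style-src 'self' 'unsafe-inline';",
}

def csp_directive(csp, name):
    """Return the source list of one CSP directive, or None when it is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None

def source_matches(source, framer, page):
    """Minimal CSP source matcher: 'none', 'self', '*', a bare host or a full origin."""
    src = source.strip("'").lower()
    if src == "none":
        return False
    if src == "self":
        return framer == page
    return src == "*" or src in (framer, urlsplit(framer).hostname)

def framing_allowed(headers, page, framer):
    """Decide whether `framer` may embed `page`, mimicking browser precedence:
    a CSP frame-ancestors directive, when present, replaces X-Frame-Options entirely;
    otherwise X-Frame-Options DENY or SAMEORIGIN decides. Returns (allowed, reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = csp_directive(h.get("content-security-policy", ""), "frame-ancestors")
    if ancestors is not None:
        return any(source_matches(s, framer, page) for s in ancestors), "frame-ancestors"
    # No frame-ancestors: the post's CSP is in this situation, so X-Frame-Options alone protects it
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options only"
    if xfo == "SAMEORIGIN":
        return framer == page, "X-Frame-Options only"
    # ALLOW-FROM is ignored by current browsers, so anything else leaves the page frameable
    return True, "unprotected"

if __name__ == "__main__":
    page = "https://app.example"  # constructed origins
    for framer in (page, "https://evil.example"):
        print(framer, "->", framing_allowed(POST_HEADERS, page, framer))
```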