fix x-powered-by header key, closes #50

bepsvpt · Jul 27, 2020 · b405451 · b405451
1 parent e6ebe12
commit b405451
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/config/secure-headers.php b/config/secure-headers.php
@@ -53,12 +53,12 @@
     'x-permitted-cross-domain-policies' => 'none',
 
     /*
-     * X-Power-By
+     * X-Powered-By
      *
      * Note: it will not add to response header if the value is empty string.
      */
 
-    'x-power-by' => '',
+    'x-powered-by' => '',
 
     /*
      * X-XSS-Protection

diff --git a/src/SecureHeaders.php b/src/SecureHeaders.php
@@ -227,7 +227,7 @@ protected function miscellaneous(): array
             'X-Download-Options' => $this->config['x-download-options'],
             'X-Frame-Options' => $this->config['x-frame-options'],
             'X-Permitted-Cross-Domain-Policies' => $this->config['x-permitted-cross-domain-policies'],
-            'X-Power-By' => $this->config['x-power-by'],
+            'X-Powered-By' => $this->config['x-powered-by'] ?? ($this->config['x-power-by'] ?? ''),
             'X-XSS-Protection' => $this->config['x-xss-protection'],
             'Referrer-Policy' => $this->config['referrer-policy'],
             'Server' => $this->config['server'],

diff --git a/tests/SecureHeadersTest.php b/tests/SecureHeadersTest.php
@@ -76,22 +76,37 @@ public function testServerHeader()
         $this->assertSame('Example', $headers['Server']);
     }
 
-    public function testXPowerByHeader()
+    public function testXPoweredByHeader()
     {
         $config = $this->config();
 
         $this->assertArrayNotHasKey(
-            'X-Power-By',
+            'X-Powered-By',
             (new SecureHeaders($config))->headers()
         );
 
-        $config['x-power-by'] = 'Example';
+        $config['x-powered-by'] = 'Example';
 
         $headers = (new SecureHeaders($config))->headers();
 
-        $this->assertArrayHasKey('X-Power-By', $headers);
+        $this->assertArrayHasKey('X-Powered-By', $headers);
+
+        $this->assertSame('Example', $headers['X-Powered-By']);
+
+        // ensure backward compatibility
+
+        unset($config['x-powered-by']);
+
+        $this->assertArrayNotHasKey(
+            'X-Powered-By',
+            (new SecureHeaders($config))->headers()
+        );
+
+        $config['x-power-by'] = 'Example';
+
+        $this->assertArrayHasKey('X-Powered-By', $headers);
 
-        $this->assertSame('Example', $headers['X-Power-By']);
+        $this->assertSame('Example', $headers['X-Powered-By']);
     }
 
     public function testContentSecurityPolicy()