The right way to config #33

Closed
Masoud180 opened this issue May 13, 2019 · 8 comments

@Masoud180

Hi
I'm new to Laravel and I have some questions about your package.
I added
\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
to $middlewarePriority in Kernel.php
Is that right?
And what should I write in secure-headers.php?
And how can I be sure that I configured it in the right way?
I'm using Laravel 5.8.
Thanks in advance.

@bepsvpt
Owner

bepsvpt commented May 14, 2019

Hi @Masoud180 ,

> I added
> \Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
> to $middlewarePriority in Kernel.php
> Is that right?

You need to add it to $middleware in the app/Http/Kernel.php file. $middlewarePriority is used to specify the order when middlewares are assigned to the route.

> And what should I write in secure-headers.php?

Use HTTP Strict Transport Security as an example: if you want to enable HTTP Strict Transport Security, you can change the enable value from false to true here.

Each section has a reference link in its comment block (example); you can check that link for further information. Some headers will break the page when they are configured incorrectly. Thus, I suggest you check out the reference link before setting it up.

> And how can I be sure that I configured it in the right way?

You can use php artisan serve to start the PHP development server and open the browser developer tools to check whether the response header is configured correctly or not.

@Masoud180
Author

Thank you so much.

@bepsvpt
Owner

bepsvpt commented May 14, 2019

If you have any other questions, feel free to comment on this issue.

@bepsvpt bepsvpt closed this as completed May 14, 2019
@Masoud180
Author

Masoud180 commented May 15, 2019

Thanks
While I was checking that, I came up with a question.
In secure-headers.php, the server parameter is null ('') but I can see my real server details in the HTTP header and it doesn't change it.
And also x-xss-protection doesn't exist in the response header!
What should I do to apply them?

@bepsvpt
Owner

bepsvpt commented May 16, 2019

> In secure-headers.php, the server parameter is null ('') but I can see my real server details in the HTTP header and it doesn't change it.

When server is an empty string, it will not be added to the response header (#1). If you want to change this header, you should assign a value to it.

> And also x-xss-protection doesn't exist in the response header!

Could you provide more information about this problem?

@Masoud180
Author

Masoud180 commented May 16, 2019

Thanks
x-xss-protection is fixed, but server is still displaying real details.
I set this to another string but still not working.
[Screenshot: 2019-05-16 14_19_39 - Login to user panel]
[Screenshot: 2019-05-16 14_20_50 - secure-headers php - cPanel File Manager v3]

@bepsvpt
Owner

bepsvpt commented May 19, 2019

Not all web server services support setting the server header. This header was only tested on Laravel Homestead and Nginx. Sorry for not mentioning this in the config file comment.

@Masoud180
Author

Thank you so much.
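
One way to script the header check discussed in this thread instead of reading the headers in the browser developer tools. This is an added example, not code from the thread or from the package; the function names, the sample responses and the "/digit" test for a version-revealing Server value are assumptions made for illustration.

```shell
# Added example: audit response headers read from stdin.
# Live use, assuming the `php artisan serve` default address:
#   curl -sI http://127.0.0.1:8000/ | audit_headers

# Print the value of header $1 (case-insensitive) found in header text $2.
header_value() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v want="$1" '
    BEGIN { want = tolower(want) }
    {
      i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == want) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
      }
    }'
}

# Print one finding per line; exit status is 0 only when there are none.
# The ( ) body runs in a subshell, so its variables stay local.
audit_headers() (
  raw=$(cat); findings=0
  hsts=$(header_value strict-transport-security "$raw")
  xss=$(header_value x-xss-protection "$raw")
  server=$(header_value server "$raw")

  if [ -z "$hsts" ]; then
    echo "MISSING strict-transport-security"; findings=1
  # max-age=0 tells the browser to drop the HSTS policy, so require > 0.
  elif ! printf '%s' "$hsts" | grep -Eqi 'max-age=[1-9][0-9]*'; then
    echo "WEAK strict-transport-security: $hsts"; findings=1
  fi
  if [ -z "$xss" ]; then
    echo "MISSING x-xss-protection"; findings=1
  fi
  # Heuristic: a product/version token such as "name/1.2" reveals the stack.
  if printf '%s' "$server" | grep -Eq '/[0-9]'; then
    echo "DISCLOSES server: $server"; findings=1
  fi
  exit "$findings"
)

# Constructed sample responses (not taken from the thread's screenshots).
SAMPLE_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.39 (Unix)\r\n')
SAMPLE_AFTER=$(printf 'HTTP/1.1 200 OK\r\nServer: example\r\nStrict-Transport-Security: max-age=31536000\r\nX-XSS-Protection: 1; mode=block\r\n')
```

A Server finding that persists after a value is set in secure-headers.php matches the case described above, where the web server service does not support setting that header.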
