SilverStripe security headers

SilverStripe module for easily adding a selection of useful HTTP headers.

Comes with a default set of headers configured, but can be used to add any headers you wish.

Install

Install via composer:

composer require guttmann/silverstripe-security-headers 1.0.*

Usage

Apply the extension

Apply the SecurityHeaderControllerExtension to the controller of your choice.

For example, add this to your mysite/_config/config.yml file:

Page_Controller:
  extensions:
    - Guttmann\SilverStripe\SecurityHeaderControllerExtension

Configure the headers

Configure header values to suit your site. It is important that your config is loaded after the security-headers module's config, so that your values take precedence over the module's defaults.

For example, your mysite/_config/config.yml file might look like this:

---
Name: mysite
After:
  - 'framework/*'
  - 'cms/*'
  - 'security-headers/*'
---
Guttmann\SilverStripe\SecurityHeaderControllerExtension:
  headers:
    Content-Security-Policy: "default-src 'self' *.google-analytics.com;"
    Strict-Transport-Security: "max-age=2592000"
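
One way to confirm that the override took effect, as an added example that is not part of the module: the Python check below compares a response header block (for instance one saved from curl -sI) against the values in the example config above. The function names and both sample responses are constructed for illustration.

```python
# Expected values, copied from the example mysite config on this page.
EXPECTED = {
    "Content-Security-Policy": "default-src 'self' *.google-analytics.com;",
    "Strict-Transport-Security": "max-age=2592000",
}

def parse_headers(raw):
    """Parse a raw response header block into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalise(value):
    """Collapse whitespace and drop a trailing ';' so equivalent values match."""
    return " ".join(value.split()).rstrip("; ")

def check(raw, expected=EXPECTED):
    """Return a list of (header, problem) tuples; an empty list means all match."""
    sent = parse_headers(raw)
    problems = []
    for name, want in expected.items():
        got = sent.get(name.lower())  # header names are case-insensitive
        if not got:
            problems.append((name, "missing"))
        elif len(got) > 1:
            problems.append((name, "sent %d times" % len(got)))
        elif normalise(got[0]) != normalise(want):
            problems.append((name, "unexpected value: " + got[0]))
    return problems

# Constructed sample response in which the configured values are sent.
GOOD = ("HTTP/1.1 200 OK\r\n"
        "content-security-policy: default-src 'self' *.google-analytics.com;\r\n"
        "Strict-Transport-Security: max-age=2592000\r\n\r\n<html>")
# Constructed sample in which the mysite values were not applied; the CSP value
# is a stand-in and is not the module's actual default.
STALE = ("HTTP/1.1 200 OK\r\n"
         "Content-Security-Policy: default-src 'self';\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("stale", STALE)):
        print(label, check(raw))
```

A non-empty result for a header you configured is a sign that the mysite config block was not loaded after security-headers/*.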

Disclaimer

I am not a security expert - the default header values used in this module are based on advice I have received from a number of sources.

They are not set in stone and if you see any issues please send me a pull request.