
New FrameGuard middleware sends SAMEORIGIN X-Frame-Options header on …

…each response by default.
taylorotwell committed Nov 1, 2013
1 parent 4ca7ade commit 15513cc96790e33b7a136db381b06805863d3009
@@ -106,10 +106,23 @@ class Application extends Container implements HttpKernelInterface, TerminableIn
*/
public function __construct(Request $request = null)
{
$this->instance('request', $request = Request::createFromGlobals());
$this->registerBaseBindings($request ?: Request::createFromGlobals());
$this->registerBaseServiceProviders();
$this->registerBaseMiddlewares();
}
/**
* Register the basic bindings into the container.
*
* @param \Illuminate\Http\Request $request
* @return void
*/
protected function registerBaseBindings($request)
{
$this->instance('request', $request);
$this->instance('Illuminate\Container\Container', $this);
}
@@ -558,14 +571,24 @@ protected function mergeCustomMiddlewares(\Stack\Builder $stack)
{
foreach ($this->middlewares as $middleware)
{
list($class, $parameters) = $middleware;
list($class, $parameters) = array_values($middleware);
$parameters = array_unshift($parameters, $class);
array_unshift($parameters, $class);
call_user_func_array(array($stack, 'push'), $parameters);
}
}
/**
* Register the default, but optional middlewares.
*
* @return void
*/
protected function registerBaseMiddlewares()
{
$this->middleware('Illuminate\Http\FrameGuard');
}
/**
* Add a HttpKernel middleware onto the stack.
*
@@ -580,6 +603,20 @@ public function middleware($class, array $parameters = array())
return $this;
}
/**
* Remove a custom middleware from the application.
*
* @param string $class
* @return void
*/
public function forgetMiddleware($class)
{
$this->middlewares = array_filter($this->middlewares, function($m) use ($class)
{
return $m['class'] != $class;
});
}
/**
* Handle the given request and get the response.
*
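Review bot: forgetMiddleware() is the opt-out for the FrameGuard that registerBaseMiddlewares() now adds by default, but its docblock does not say that forgetting `Illuminate\Http\FrameGuard` removes the X-Frame-Options header from every response; I would add a line such as `Forgetting Illuminate\Http\FrameGuard disables the default clickjacking protection.` The filter `$m['class'] != $class` is an exact, loosely typed string match, so a name passed with a leading backslash or different casing is silently left registered; `!==` plus a documented expectation of the exact registered name would make that explicit. The middleware() body that builds these entries lies outside the hunk, so the `class` key is inferred from this closure.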
@@ -11,6 +11,7 @@
$basePath.'/vendor/laravel/framework/src/Illuminate/Foundation/Application.php',
$basePath.'/vendor/laravel/framework/src/Illuminate/Foundation/EnvironmentDetector.php',
$basePath.'/vendor/laravel/framework/src/Illuminate/Http/Request.php',
$basePath.'/vendor/laravel/framework/src/Illuminate/Http/FrameGuard.php',
$basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/Request.php',
$basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/ParameterBag.php',
$basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/FileBag.php',
@@ -43,7 +43,8 @@
{"message": "New 'whereHas' and 'orWhereHas' Eloquent methods that allow extra constraints on 'has' type queries.", "backport": null},
{"message": "New 'or' syntax in Blade echos can be used to build isset statements and echos.", "backport": null},
{"message": "Allow the 'name' of belongsTo and belongsToMany to be explictly set.", "backport": null},
{"message": "New Cache::tags feature that allows tagging cached items and flushing them by any tag.", "backport": null}
{"message": "New Cache::tags feature that allows tagging cached items and flushing them by any tag.", "backport": null},
{"message": "New FrameGuard middleware sends SAMEORIGIN X-Frame-Options header on each response by default.", "backport": null}
],
"4.0.x": [
{"message": "Added implode method to query builder and Collection class.", "backport": null},
@@ -0,0 +1,45 @@
<?php namespace Illuminate\Http;
use Symfony\Component\HttpFoundation\Request;


marcvdm Nov 2, 2013

Contributor

@taylorotwell When using this i get the following error http://paste.laravel.com/13LK

The error is because the namespace already contains a Request in namespace Illuminate\Http\Request


taylorotwell Nov 2, 2013

Member

Thanks, fixed.

use Symfony\Component\HttpKernel\HttpKernelInterface;
class FrameGuard implements HttpKernelInterface {
/**
* The wrapped kernel implementation.
*
* @var \Symfony\Component\HttpKernel\HttpKernelInterface
*/
protected $app;
/**
* Create a new CookieQueue instance.


franzliedke Nov 4, 2013

Contributor

Not a cookie queue, I think. ;)
Probably a copy-and-paste error.

*
* @param \Symfony\Component\HttpKernel\HttpKernelInterface $app
* @return void
*/
public function __construct(HttpKernelInterface $app)
{
$this->app = $app;
}
/**
* Handle the given request and get the response.
*
* @implements HttpKernelInterface::handle
*
* @param \Symfony\Component\HttpFoundation\Request $request
* @param int $type
* @param bool $catch
* @return \Symfony\Component\HttpFoundation\Response
*/
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
$response = $this->app->handle($request, $type, $catch);
$response->headers->set('X-Frame-Options', 'SAMEORIGIN');
return $response;
}
}
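Review bot: handle() calls `$response->headers->set('X-Frame-Options', 'SAMEORIGIN')` unconditionally, which replaces any value the wrapped application already put on the response, so a route that deliberately sent `DENY` is relaxed to SAMEORIGIN. Setting the header only when it is absent keeps the default without overriding a stricter choice: `if ( ! $response->headers->has('X-Frame-Options')) $response->headers->set('X-Frame-Options', 'SAMEORIGIN');`. A short class-level docblock stating that the header is a clickjacking defence, and that it is added whatever `$type` is passed, would also help anyone who later considers removing the middleware.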
@@ -10,7 +10,8 @@
"require": {
"illuminate/session": "4.1.x",
"illuminate/support": "4.1.x",
"symfony/http-foundation": "2.4.*"
"symfony/http-foundation": "2.4.*",
"symfony/http-kernel": "2.4.*"
},
"require-dev": {
"mockery/mockery": "0.7.2",
