strict-transport-security

Enable HTTP Strict Transport Security using HTTP Middleware

L4 / L5

Middleware is available for both Laravel 4 and 5.

Install

Via Composer

$ composer require zae/strict-transport-security

Usage

Laravel 5

Add the class Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity to the $middlewares array.

#app/Http/Kernel.php

protected $middleware = [
	'Illuminate\View\Middleware\ShareErrorsFromSession',
	'Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity',
];

Add the service provider Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider to the providers array in the app config.

#config/app.php

return [
	'providers' => [
		Illuminate\View\ViewServiceProvider::class,

		Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider::class,
	],
];

Publish the config with php artisan vendor:publish. This file will be created at config/hsts.php.

Laravel 4

Add the serviceprovider to the list of service providers: Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider

#app/config.php

'providers' => array(
	'Illuminate\Foundation\Providers\ArtisanServiceProvider',
	'Illuminate\Auth\AuthServiceProvider',
	
	'Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider',
),

Silex Example

require __DIR__ . '/../vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

$app = new Silex\Application();

$app->get('/', function(Request $request) {
return new Response('Hello world!', 200);
});

$app = (new Stack\Builder())
->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())])
->resolve($app)
;

$request = Request::createFromGlobals();
$response = $app->handle($request)->send();

$app->terminate($request, $response);

Symfony Example

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Debug\Debug;

$loader = require_once __DIR__.'/../app/bootstrap.php.cache';
Debug::enable();

require_once __DIR__.'/../app/AppKernel.php';

$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();

$app = (new Stack\Builder())
	->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())])
	->resolve($app)
;

$kernel = $stack->resolve($kernel);

Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

Testing

$ phpunit

Contributing

Contributions are welcome via pull requests on github.

Credits

Ezra Pool

License

The MIT License (MIT). Please see License File for more information.

robertboes / strict-transport-security Goto Github PK