Download the PHP package area17/twill-security-headers without Composer
On this page you can find all versions of the php package area17/twill-security-headers. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package twill-security-headers
Short Description A Twill Capsule to add and handle Security Headers
License Apache-2.0
Homepage https://github.com/area17/twill-security-headers
Information about the package twill-security-headers
Security Headers Twill Capsule
This Twill Capsule is intended to enable developers to add Security Headers configuration to applications, giving users a friendly dashboard to configure these headers:
Screenshots
CMS configuration
Mozilla Observatory security headers check
Supported Headers
- CSP (Content Security Policy)
- HSTS (Strict-Transport-Security)
- Permissions-Policy
- Referrer-Policy
- X-Content-Type-Options
- X-Frame-Options
- Expect-CT (deprecated by most browsers)
- X-XSS-Protection (non-standard, not for production)
Unwanted headers
This capsule also has an option for removing any unwanted headers from the response. Update the config/twill-security-headers.php file to list the unwanted headers to be removed from the response:
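A way to check the result from outside the application, as an added example that is not the package's own code or configuration: a plain PHP audit of a response's headers against the supported list above, flagging the two headers the list marks as deprecated or non-standard and any header that should have been removed. The function names, the `Server` / `X-Powered-By` removal list and the sample response are assumptions constructed for illustration.

```php
<?php
// Added example, not part of area17/twill-security-headers.
const SUPPORTED = ['content-security-policy', 'strict-transport-security',
    'permissions-policy', 'referrer-policy', 'x-content-type-options', 'x-frame-options'];
// Marked on the page as deprecated / non-standard, so flagged when present.
const DISCOURAGED = ['expect-ct', 'x-xss-protection'];

/** Turn raw "Name: value" lines into a lower-cased name => value map. */
function parseHeaders(array $lines): array {
    $headers = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or blank line
        }
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return $headers;
}

/** Return findings for one response; $unwanted is the caller's own removal list. */
function auditHeaders(array $headers, array $unwanted): array {
    $findings = [];
    foreach (SUPPORTED as $name) {
        if (($headers[$name] ?? '') === '') {
            $findings[] = "missing: $name";
        }
    }
    foreach (array_intersect(DISCOURAGED, array_keys($headers)) as $name) {
        $findings[] = "discouraged: $name";
    }
    foreach ($unwanted as $name) {
        if (isset($headers[strtolower($name)])) {
            $findings[] = "unwanted header still sent: $name";
        }
    }
    // max-age=0 makes browsers forget the policy; a missing max-age is invalid.
    $hsts = $headers['strict-transport-security'] ?? '';
    if ($hsts !== '' && !(preg_match('/max-age\s*=\s*"?(\d+)/i', $hsts, $m) && (int) $m[1] > 0)) {
        $findings[] = 'weak: strict-transport-security has no positive max-age';
    }
    return $findings;
}

// Constructed sample response, not captured from a real site.
$sample = ['HTTP/1.1 200 OK', 'Server: nginx', 'X-Powered-By: PHP/8.2.0',
    'Strict-Transport-Security: max-age=0', 'X-Content-Type-Options: nosniff',
    'X-Frame-Options: SAMEORIGIN', 'X-XSS-Protection: 1; mode=block'];
print_r(auditHeaders(parseHeaders($sample), ['Server', 'X-Powered-By']));
```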
Installing
Supported Versions
Composer will manage this automatically for you, but these are the supported versions between Twill and this package.
Twill Version | HTTP Basic Auth Capsule |
---|---|
3.x | 2.x |
2.x | 1.x |
Require the Composer package:
Publish the configuration
Migrate the database to create package tables
Usage
It's pretty straightforward: once installed, you will have access to the menu option Twill Security Headers, a single page listing all the supported headers, where you can enable or disable each one and edit the properties to be sent with the response.
Menu
If you are clearing the Twill menu in order to create a new one yourself, you will need to add it manually:
CSP config
Creating CSP policies usually takes time, and they are hard to write manually. You can make use of Report URI, a great tool that allows you to paste your current policy, edit it, and generate a new string to be pasted into the package.
Disabling
This package is enabled and injects itself automatically. To disable it you just need to add to .env:
Contribute
Please contribute to this project by submitting pull requests.