Download the PHP package mawuekom/laravel-security-features without Composer

On this page you can find all versions of the php package mawuekom/laravel-security-features. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to include the autoloader once with require_once('vendor/autoload.php');. After that, you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-security-features

A bunch of security focused features 💪

This package provides you with many security features for your Laravel or Lumen project

Installation

You can install the package via composer:

Laravel

Go to config/app.php, and add this in the providers key


Publish package config

Lumen

Go to bootstrap/app.php, and add this in the specified key

Middleware

Modern security Middleware has been added to ensure our APIs or projects are a little more hardened than a default install.

The internet is a dangerous place, and when we are non-security minded developers, we often make mistakes that could easily be avoided.

App ID

This is the Identifier someone needs to send through to access your application.

This allows you to add a layer of annoyance to endpoints that do not need authentication, for example, endpoints that provide certain variables to applications, but that you do not want to hardcode into your applications.

It's also handy for providing different configuration information from a common endpoint based on the application in question, useful for things like white labels.

Set APP_ID in your .env and wrap your route in the middleware.

Example HTTP Header

Registration Access Key

Use this to limit access to registration endpoints to add a layer of annoyance.

This is useful for allowing endpoints for newsletter signups, etc., to know a key before being able to submit.

Set REGISTRATION_ACCESS_KEY in your .env and wrap your route in the middleware.

Example HTTP Header
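The header check behind both the App ID and the Registration Access Key middleware can be sketched in plain PHP. This is an added example, not the package's own code: the header names X-App-Id and X-Registration-Access-Key and the function gate_status are hypothetical, since the package's real header names are not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical header names: the package's own names are not shown on this page.
const APP_ID_HEADER = 'X-App-Id';
const REGISTRATION_KEY_HEADER = 'X-Registration-Access-Key';

/**
 * Status a shared-value gate answers with: 200 to continue, 401 when the
 * header is missing or wrong, 500 when the value is not configured.
 */
function gate_status(array $requestHeaders, string $headerName, ?string $configured): int
{
    // Fail closed: an unset .env value must not let every request through.
    if ($configured === null || $configured === '') {
        return 500;
    }
    $supplied = null;
    foreach ($requestHeaders as $name => $value) {
        // HTTP header names are case-insensitive.
        if (strcasecmp((string) $name, $headerName) === 0) {
            $supplied = (string) $value;
            break;
        }
    }
    if ($supplied === null) {
        return 401;
    }
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were right.
    return hash_equals($configured, $supplied) ? 200 : 401;
}

// Constructed values standing in for APP_ID and REGISTRATION_ACCESS_KEY in .env.
$appId = 'constructed-app-id';
$regKey = 'constructed-registration-key';
$cases = [
    'app id correct'  => [['x-app-id' => $appId], APP_ID_HEADER, $appId],
    'app id wrong'    => [['X-App-Id' => 'guess'], APP_ID_HEADER, $appId],
    'app id missing'  => [[], APP_ID_HEADER, $appId],
    'APP_ID unset'    => [['X-App-Id' => ''], APP_ID_HEADER, null],
    'reg key correct' => [[REGISTRATION_KEY_HEADER => $regKey], REGISTRATION_KEY_HEADER, $regKey],
];
foreach ($cases as $label => [$headers, $headerName, $configured]) {
    printf("%-16s => %d\n", $label, gate_status($headers, $headerName, $configured));
}
```

Both values are shipped inside every client that calls the endpoint, so they identify an application rather than authenticate a user, which is why the text calls them a layer of annoyance.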

Throttle

Allows you to set limits per route as to how many requests may happen.

This is useful for mitigating DDoS, Brute Force, and Flooding style attacks.

'throttle:3,1' means 3 requests per minute. 'throttle:300,1' means 300.

Certain common routes have default throttles.

Responds with headers indicating how many requests are left on these routes, and information about when bans expire.

Before Limit:

After Limit you get a 429 Too Many Requests, and the Response Body contains
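The counting that a rule such as 'throttle:3,1' describes, as an added example in plain PHP (not the package's own code). The function throttle and the in-memory $store are hypothetical; the header names X-RateLimit-Limit, X-RateLimit-Remaining and Retry-After are the ones Laravel's built-in throttle middleware sends, and it is an assumption that this package sends the same ones.

```php
<?php
declare(strict_types=1);

/**
 * Fixed-window counter for a rule such as 'throttle:3,1' (3 requests per 1 minute).
 * $store maps a client key to ['count' => int, 'resets_at' => int].
 * Returns [HTTP status, response headers].
 */
function throttle(array &$store, string $key, int $max, int $minutes, int $now): array
{
    // Open a fresh window on first sight of the key or once the old one ended.
    if (!isset($store[$key]) || $store[$key]['resets_at'] <= $now) {
        $store[$key] = ['count' => 0, 'resets_at' => $now + $minutes * 60];
    }
    if ($store[$key]['count'] >= $max) {
        // Over the limit: do not count the request, tell the client when to retry.
        return [429, [
            'X-RateLimit-Limit' => $max,
            'X-RateLimit-Remaining' => 0,
            'Retry-After' => $store[$key]['resets_at'] - $now,
        ]];
    }
    $store[$key]['count']++;
    return [200, [
        'X-RateLimit-Limit' => $max,
        'X-RateLimit-Remaining' => $max - $store[$key]['count'],
    ]];
}

// Constructed traffic: one client (documentation-range address) hitting a
// 'throttle:3,1' route; times are seconds since an arbitrary start.
$store = [];
foreach ([0, 5, 10, 15, 59, 60] as $t) {
    [$status, $headers] = throttle($store, '203.0.113.7', 3, 1, $t);
    $shown = [];
    foreach ($headers as $name => $value) {
        $shown[] = "$name: $value";
    }
    printf("t=%2ds %d  %s\n", $t, $status, implode(', ', $shown));
}
```

A fixed window can admit up to twice the limit in a short span that straddles a window boundary, which is worth allowing for when choosing limits for login and registration routes.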

Common Security Headers

Includes a set of Common security headers for browsers that support them.

Useful for defense against many different types of common attacks.

Content Security Policy

A good Content Security Policy helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

Content Security Policy (CSP) requires careful tuning and precise definition of the policy. If enabled, CSP has significant impact on the way the browser renders pages (e.g., inline JavaScript disabled by default and must be explicitly allowed in policy). CSP prevents a wide range of attacks, including Cross-site scripting and other cross-site injections.

X-Content-Type-Options

Setting this header will prevent the browser from interpreting files as anything other than what is declared by the content type in the HTTP headers.

X-Frame-Options

The X-Frame-Options response header improves the protection of web applications against Clickjacking. It declares a policy, communicated from the host to the client browser, on whether the browser may display the transmitted content in frames of other web pages.

X-XSS-Protection

This header enables the Cross-site scripting (XSS) filter in your browser.

HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.

No Cache Headers

Disables caching

Server Header

Adds information about the server.

Useful for overriding and obscuring the name of the technology running the web server, e.g. making Apache look like nginx, or for announcing the application name and version.

Requires APP_NAME and APP_VERSION set in the .env file.
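A way to check that a response actually carries the headers listed in this section, as an added example in plain PHP (not the package's own code). The function audit_security_headers is hypothetical, and the accepted values (nosniff, DENY or SAMEORIGIN, a non-zero max-age, no-store) are assumptions about a reasonable baseline, not the package's defaults.

```php
<?php
declare(strict_types=1);

/**
 * Checks response headers against the headers this section lists.
 * Returns a list of findings; an empty list means every check passed.
 */
function audit_security_headers(array $headers): array
{
    $h = array_change_key_case($headers, CASE_LOWER);
    $findings = [];

    $csp = $h['content-security-policy'] ?? '';
    if ($csp === '') {
        $findings[] = 'Content-Security-Policy missing';
    } elseif (strpos($csp, "'unsafe-inline'") !== false) {
        $findings[] = "Content-Security-Policy allows 'unsafe-inline'";
    }
    if (strtolower($h['x-content-type-options'] ?? '') !== 'nosniff') {
        $findings[] = 'X-Content-Type-Options is not nosniff';
    }
    if (!in_array(strtoupper($h['x-frame-options'] ?? ''), ['DENY', 'SAMEORIGIN'], true)) {
        $findings[] = 'X-Frame-Options is not DENY or SAMEORIGIN';
    }
    $hsts = $h['strict-transport-security'] ?? '';
    if (!preg_match('/max-age=(\d+)/i', $hsts, $m) || (int) $m[1] === 0) {
        $findings[] = 'Strict-Transport-Security missing or max-age=0';
    }
    if (stripos($h['cache-control'] ?? '', 'no-store') === false) {
        $findings[] = 'Cache-Control lacks no-store';
    }
    // X-XSS-Protection is not scored: current Chrome, Edge and Firefox have no
    // XSS filter for it to switch on, so the CSP check above carries that job.
    return $findings;
}

// Constructed sample responses.
$hardened = [
    'Content-Security-Policy' => "default-src 'self'",
    'X-Content-Type-Options' => 'nosniff',
    'X-Frame-Options' => 'DENY',
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
    'Cache-Control' => 'no-store, private',
];
$weak = ['Content-Security-Policy' => "script-src 'self' 'unsafe-inline'", 'X-Frame-Options' => 'ALLOWALL'];

var_dump(audit_security_headers($hardened));
print_r(audit_security_headers($weak));
```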

CORS

Adds support for Cross Origin Resource Sharing.

See config/cors.php for all options.

Defaults to:

Should support OPTIONS Preflight with Authorization header.

Contributing

Please be brutally critical of this in the interest of improving the security.

Feel free to contribute back.

I'm sure there are hundreds of ways of improving upon this work. Let's make the internet a safer place, together.

Security is everyone's problem.

License

The MIT License (MIT). Please see License File for more information.


All versions of laravel-security-features with dependencies

Requires php Version ^7.4|^8.0
illuminate/support Version ^8.0
barryvdh/laravel-cors Version ^2.0