iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added additional headers

This commit is contained in:
Igor Scheller 2018-10-27 11:11:37 +01:00 committed by msquare
parent 23c0fae36f
commit fd37c9d60e
5 changed files with 104 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -45,7 +45,7 @@ To report bugs use [engelsystem/issues](https://github.com/engelsystem/engelsyst
* Recommended: Directory Listing should be disabled. * Recommended: Directory Listing should be disabled.
* There must a be MySQL database created with a user who has full rights to that database. * There must a be MySQL database created with a user who has full rights to that database.
* If necessary, create a ```config/config.php``` to override values from ```config/config.default.php```. * If necessary, create a ```config/config.php``` to override values from ```config/config.default.php```.
* To remove values from the `footer_items`, `available_themes`, `locales` or `tshirt_sizes` lists the config file has to be renamed. * To remove values from the `footer_items`, `available_themes`, `locales`, `tshirt_sizes` or `headers` lists the config file has to be renamed.
* To import the database the ```bin/migrate``` script has to be called. * To import the database the ```bin/migrate``` script has to be called.
* In the browser, login with credentials ```admin```:```asdfasdf``` and change the password. * In the browser, login with credentials ```admin```:```asdfasdf``` and change the password.

1
config/app.php
View File

@ -37,6 +37,7 @@ return [
// Changes of request/response parameters // Changes of request/response parameters
\Engelsystem\Middleware\SetLocale::class, \Engelsystem\Middleware\SetLocale::class,
\Engelsystem\Middleware\AddHeaders::class,
// The application code // The application code
\Engelsystem\Middleware\ErrorHandler::class, \Engelsystem\Middleware\ErrorHandler::class,

13
config/config.default.php
View File

@ -150,4 +150,17 @@ return [
// IP addresses of reverse proxies that are trusted, can be an array or a comma separated list // IP addresses of reverse proxies that are trusted, can be an array or a comma separated list
'trusted_proxies' => env('TRUSTED_PROXIES', ['127.0.0.0/8', '::ffff:127.0.0.0/8', '::1/128']), 'trusted_proxies' => env('TRUSTED_PROXIES', ['127.0.0.0/8', '::ffff:127.0.0.0/8', '::1/128']),
// Add additional headers
'add_headers' => (bool)env('ADD_HEADERS', true),
'headers' => [
'X-Content-Type-Options' => 'nosniff',
'X-Frame-Options' => 'sameorigin',
'Referrer-Policy' => 'strict-origin-when-cross-origin',
'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'',
'X-XSS-Protection' => '1; mode=block',
'Feature-Policy' => 'autoplay \'none\'',
//'Strict-Transport-Security' => 'max-age=7776000',
//'Expect-CT' => 'max-age=7776000,enforce,report-uri="[uri]"',
],
]; ];

46
src/Middleware/AddHeaders.php Normal file
View File

@ -0,0 +1,46 @@
<?php
namespace Engelsystem\Middleware;
use Engelsystem\Config\Config;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
class AddHeaders implements MiddlewareInterface
{
/** @var Config */
protected $config;
/**
* @param Config $config
*/
public function __construct(Config $config)
{
$this->config = $config;
}
/**
* Process an incoming server request and setting the locale if required
*
* @param ServerRequestInterface $request
* @param RequestHandlerInterface $handler
* @return ResponseInterface
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
$response = $handler->handle($request);
if (!$this->config->get('add_headers', true)) {
return $response;
}
$headers = $this->config->get('headers', []);
foreach ($headers as $name => $value) {
$response = $response->withAddedHeader($name, $value);
}
return $response;
}
}

43
tests/Unit/Middleware/AddHeadersTest.php Normal file
View File

@ -0,0 +1,43 @@
<?php
namespace Engelsystem\Test\Unit\Middleware;
use Engelsystem\Config\Config;
use Engelsystem\Http\Response;
use Engelsystem\Middleware\AddHeaders;
use PHPUnit\Framework\TestCase;
use PHPUnit_Framework_MockObject_MockObject as MockObject;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
class AddHeadersTest extends TestCase
{
/**
* @covers \Engelsystem\Middleware\AddHeaders::__construct
* @covers \Engelsystem\Middleware\AddHeaders::process
*/
public function testRegister()
{
/** @var ServerRequestInterface|MockObject $request */
$request = $this->getMockForAbstractClass(ServerRequestInterface::class);
/** @var RequestHandlerInterface|MockObject $handler */
$handler = $this->getMockForAbstractClass(RequestHandlerInterface::class);
$response = new Response();
$handler->expects($this->atLeastOnce())
->method('handle')
->willReturn($response);
$config = new Config(['add_headers' => false]);
$middleware = new AddHeaders($config);
$this->assertEquals($response, $middleware->process($request, $handler));
$config->set('add_headers', true);
$config->set('headers', ['Foo-Header' => 'bar!']);
$return = $middleware->process($request, $handler);
$this->assertNotEquals($response, $return);
$this->assertArraySubset(['Foo-Header' => ['bar!']], $return->getHeaders());
}
}