dev-master
9999999-dev
MIT
The Requires
- php >=5.3.2
- composer/installers *
- silverstripe/framework ~3.1
dev-travis-fix
dev-travis-fix
MIT
The Requires
- php >=5.3.2
- composer/installers *
- silverstripe/framework ~3.1
SilverStripe module for easily adding a selection of useful HTTP headers., (*2)
Comes with a default set of headers configured, but can be used to add any headers you wish., (*3)
Install via composer:, (*4)
composer require guttmann/silverstripe-security-headers 1.0.*
Apply the SecurityHeaderControllerExtension
to the controller of your choice., (*5)
For example, add this to your mysite/_config/config.yml
file:, (*6)
Page_Controller: extensions: - Guttmann\SilverStripe\SecurityHeaderControllerExtension
Configure header values to suit your site, it's important your config is loaded after the security-headers module's config., (*7)
For example, your mysite/_config/config.yml
file might look like this:, (*8)
--- Name: mysite After: - 'framework/*' - 'cms/*' - 'security-headers/*' --- Guttmann\SilverStripe\SecurityHeaderControllerExtension: headers: Content-Security-Policy: "default-src 'self' *.google-analytics.com;" Strict-Transport-Security: "max-age=2592000"
I am not a security expert - the default header values used in this module are based on advice I have received from a number of sources., (*9)
They are not set in stone and if you see any issues please send me a pull request., (*10)
MIT
MIT