735Tesla

Reputation: 3241

Laravel Not Adding Custom Headers

Using Laravel, I am attempting to add my own headers to all responses from the server.

I have the following in filters.php:

App::after(function($request, $response)
{
    // security related 
    $response->headers->set('X-Frame-Options','deny'); // Anti clickjacking
    $response->headers->set('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS)
    $response->headers->set('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks
    $response->headers->set('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff
    // Don't cache stuff (we'll be updating the page frequently)
    $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
    $response->headers->set('Pragma', 'no-cache');
    $response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
    // CRITICAL: do NOT delete
    $response->headers->set('X-Archer', 'DANGER ZONE');
});

Yet no new headers show up when I test it:

[tesla | ~] => curl -o/dev/null -s -D - localhost
HTTP/1.1 200 OK
Date: Wed, 10 Dec 2014 23:13:30 GMT
Server: Apache
X-Powered-By: PHP/5.6.2
Content-Length: 974
Content-Type: text/html; charset=UTF-8

[tesla | ~] =>

I have no error or warnings in my log files. How could this be?

Upvotes: 6

Views: 5716

Answers (3)

Harry Bosh

Reputation: 3790

return response($content)
            ->header('Content-Type', $type)
            ->header('X-Header-One', 'Header Value')
            ->header('X-Header-Two', 'Header Value');

Laravel 5.8

Upvotes: 0
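
For Laravel 5.x and later (the version the answer above targets), where middleware replaced filters.php, a global middleware sets the headers on every response in one place instead of per controller. This is an added example, not code from any of the posts; the class name SecurityHeaders is hypothetical, and the header values are the question's with Cache-Control using the standard no-cache token.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Hypothetical class name (an assumption of this example). Register it in the
// global $middleware array of app/Http/Kernel.php so it wraps every route.
class SecurityHeaders
{
    // Values taken from the question's filter; X-Archer is left out.
    private const HEADERS = [
        'X-Frame-Options'         => 'deny',
        'X-XSS-Protection'        => '1; mode=block',
        'X-Content-Type-Options'  => 'nosniff',
        'Content-Security-Policy' => "default-src 'self'",
        'Cache-Control'           => 'no-cache, no-store, max-age=0, must-revalidate',
        'Pragma'                  => 'no-cache',
        'Expires'                 => 'Fri, 01 Jan 1990 00:00:00 GMT',
    ];

    public function handle($request, Closure $next)
    {
        // Let the rest of the application build the response first.
        $response = $next($request);

        // Write through the Symfony header bag rather than ->header():
        // the bag exists on every response type, including file downloads
        // (BinaryFileResponse) and streamed responses, which do not have
        // Laravel's ->header() helper.
        foreach (self::HEADERS as $name => $value) {
            $response->headers->set($name, $value);
        }

        return $response;
    }
}
```

The same `curl -o/dev/null -s -D - localhost` check from the question confirms whether the headers reach the client.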

FredTheWebGuy

Reputation: 2586

Try this out: In the controller function that calls the view, follow with a call to the 'Response' class:

$contents = View::make('your_view')->with('data', $data);
$response = Response::make($contents, 200);
$response->header('X-Frame-Options','deny'); // Anti clickjacking
$response->header('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS)
$response->header('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks
$response->header('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff
// Don't cache stuff (we'll be updating the page frequently)
$response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
$response->header('Pragma', 'no-cache');
$response->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
return $response;

Of course you could refactor the above and include it in a helper function.

Upvotes: 5

jva91

Reputation: 41

Also an option:

return Response::view('view_name', [
    'data' => $data,
])->header('X-Frame-Options', 'deny');

Found in: http://laravel.com/docs/4.2/responses#basic-responses

Look at Creating Custom Responses

Upvotes: 0
