Darshan Prajapati

Reputation: 1014

How to set X-Frame-Options in laravel project?

I want to prevent clickjacking attacks on my website. In which file, and where in it, do I set X-Frame-Options to prevent a clickjacking attack?

Upvotes: 11

Views: 22774

Answers (3)

Okay, if you are hosting your project on a live server, all you need to do is modify your .htaccess file:

<IfModule mod_headers.c>
    Header always set Content-Security-Policy "frame-ancestors *;"
</IfModule>

This works for me.

Upvotes: 1

c-benoit

Reputation: 39

To fix the problem on all your routes:

Add FrameGuard::class to the protected $middleware in your app/Http/Kernel.php.

FrameGuard.php is set to "SAMEORIGIN" by default, but you can change the second parameter of the following line to "DENY" or "ALLOW-FROM uri" (according to your needs):

$response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);

Upvotes: 4

Shizzen83

Reputation: 3529

You have two options:

  • Set it up in a reverse proxy such as Nginx:
add_header X-Frame-Options "SAMEORIGIN";
  • Use the Laravel middleware Illuminate\Http\Middleware\FrameGuard on the routes you want to protect:
<?php

namespace Illuminate\Http\Middleware;

use Closure;

class FrameGuard
{
    /**
     * Handle the given request and get the response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);

        $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);

        return $response;
    }
}

Upvotes: 24
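The answers above set either a Content-Security-Policy frame-ancestors directive (the .htaccess answer) or X-Frame-Options with SAMEORIGIN, DENY or ALLOW-FROM (the FrameGuard and Nginx answers). What a browser actually does with each of those values is easy to get wrong, so here is an added example, not code from the question, the answers or Laravel, that models the decision a current browser makes when a page served with those headers is embedded in a frame. It follows the CSP Level 3 frame-ancestors rules and current X-Frame-Options handling: frame-ancestors, when present, takes precedence and X-Frame-Options is ignored; ALLOW-FROM and other unrecognised X-Frame-Options values are ignored (the page can be framed); conflicting values fall back to DENY. The header sets and origins are constructed for the demo, and the single-ancestor check is a simplification (browsers check every ancestor in a nested frame chain).

```javascript
// Added example, not from the question, the answers or Laravel itself: a small
// model of how a current browser decides whether a page may be placed in a frame,
// given the page's response headers. Assumptions (labelled): CSP3 frame-ancestors
// semantics, X-Frame-Options handling as in current Chromium/Firefox, a single
// embedding level, and constructed sample headers/origins.

// Parse a Content-Security-Policy header value into Map(directive -> source list).
// Per CSP, a directive that appears twice in one policy keeps its first occurrence.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Does one frame-ancestors source expression match the embedding origin?
function sourceMatches(source, ancestorOrigin, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;                 // matches nothing
  if (s === "'self'") return ancestorOrigin === pageOrigin;
  if (s === '*') return true;                       // any origin may frame the page
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) {             // scheme-source, e.g. "https:"
    return ancestorOrigin.startsWith(s + '//');
  }
  // host-source: [scheme://][*.]host[:port]; an explicit port must match exactly
  // (default-port normalisation is omitted in this model).
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+))?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const a = new URL(ancestorOrigin);
  if (scheme && a.protocol !== scheme + ':') return false;
  if (wildcard ? !a.hostname.endsWith('.' + host) : a.hostname !== host) return false;
  if (port && a.port !== port) return false;
  return true;
}

// headers: object keyed by lowercase header name; a value may be an array when the
// header was sent more than once (as happens when a proxy appends a second copy).
function mayBeFramed(headers, pageOrigin, ancestorOrigin) {
  // 1. CSP frame-ancestors, when present, is authoritative; X-Frame-Options is ignored.
  const policies = [].concat(headers['content-security-policy'] || [])
    .map(parseCsp)
    .filter(p => p.has('frame-ancestors'));
  if (policies.length > 0) {
    // Every policy that carries frame-ancestors must allow the ancestor.
    return policies.every(p =>
      p.get('frame-ancestors').some(src => sourceMatches(src, ancestorOrigin, pageOrigin)));
  }
  // 2. Otherwise fall back to X-Frame-Options.
  const xfo = headers['x-frame-options'];
  if (xfo === undefined) return true;               // no policy at all: framing allowed
  const values = [].concat(xfo).flatMap(v => v.split(',')).map(v => v.trim().toUpperCase());
  if (new Set(values).size > 1) return false;       // conflicting values: browsers deny
  const value = values[0];
  if (value === 'DENY') return false;
  if (value === 'SAMEORIGIN') return ancestorOrigin === pageOrigin;
  // ALLOW-FROM (and any other unrecognised value) is not implemented by current
  // browsers; the header is ignored, which means the page can be framed.
  return true;
}

// Constructed header sets mirroring the values shown in the answers above.
const SAMPLES = {
  permissiveCsp: { 'content-security-policy': 'frame-ancestors *;' },
  sameOrigin:    { 'x-frame-options': 'SAMEORIGIN' },
  deny:          { 'x-frame-options': 'DENY' },
  allowFrom:     { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  cspOverrides:  { 'x-frame-options': 'DENY',
                   'content-security-policy': "frame-ancestors 'self' https://*.partner.example" },
  duplicated:    { 'x-frame-options': ['SAMEORIGIN', 'DENY'] },
};

function demo() {
  const page = 'https://app.example';                       // constructed origins
  const own = page, partner = 'https://widgets.partner.example', evil = 'https://evil.example';
  return {
    permissiveCspAllowsAnyone:  mayBeFramed(SAMPLES.permissiveCsp, page, evil),
    sameOriginAllowsSelf:       mayBeFramed(SAMPLES.sameOrigin, page, own),
    sameOriginBlocksOthers:     mayBeFramed(SAMPLES.sameOrigin, page, evil),
    denyBlocksSelf:             mayBeFramed(SAMPLES.deny, page, own),
    allowFromIsIgnored:         mayBeFramed(SAMPLES.allowFrom, page, evil),
    cspOverridesXfoForSelf:     mayBeFramed(SAMPLES.cspOverrides, page, own),
    cspOverridesXfoForPartner:  mayBeFramed(SAMPLES.cspOverrides, page, partner),
    cspOverridesXfoBlocksEvil:  mayBeFramed(SAMPLES.cspOverrides, page, evil),
    conflictingValuesDeny:      mayBeFramed(SAMPLES.duplicated, page, own),
  };
}

console.log(demo());
```

Run it with node. demo() shows that frame-ancestors * lets any origin frame the page, that ALLOW-FROM no longer restricts anything in current browsers, and that when a frame-ancestors directive is present an X-Frame-Options: DENY sent beside it is ignored, so if you send both headers (a sensible choice, since very old browsers only know X-Frame-Options) make sure they agree, and if you need an allow-list of embedding origins, express it with frame-ancestors rather than ALLOW-FROM.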
