Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
CRAP | |
0.00% |
0 / 1 |
| XFrameOptions | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 1 |
| handle | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace App\Http\Middleware; |
| 4 | |
| 5 | use Closure; |
| 6 | use Illuminate\Http\Request; |
| 7 | use Symfony\Component\HttpFoundation\Response; |
| 8 | |
| 9 | class XFrameOptions |
| 10 | { |
| 11 | /** |
| 12 | * Handle an incoming request. |
| 13 | * |
| 14 | * @param \Closure $next |
| 15 | * @param string|null $option |
| 16 | * @return \Illuminate\Http\Response |
| 17 | */ |
| 18 | public function handle(Request $request, Closure $next, $option = 'DENY'): Response |
| 19 | { |
| 20 | $response = $next($request); |
| 21 | |
| 22 | $response->headers->set('X-Frame-Options', $option); |
| 23 | $response->headers->set('Content-Security-Policy', "frame-ancestors 'none';"); |
| 24 | |
| 25 | return $response; |
| 26 | } |
| 27 | } |