zae/strict-transport-security

Set the HSTS header to enable HTTP Strict Transport Security

strict-transport-security

, _(*1)

Enable HTTP Strict Transport Security using HTTP Middleware, _(*2)

L4 / L5

Middleware is available for both Laravel 4 and 5., _(*3)

Install

Via Composer, _(*4)

``` bash $ composer require zae/strict-transport-security, <sub>(*5)</sub>

## Usage

### Laravel 5
Add the class `Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity` to the `$middlewares` array.

``` php
#app/Http/Kernel.php

protected $middleware = [
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'Zae\StrictTransportSecurity\Middleware\L5\StrictTransportSecurity',
];

It's not strictly required to use the middleware but if you want to use the vendor:publish command add the service provider Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider to the providers array in the app config. ``` php, <sub>(*6)</sub>

config/app.php

return [ 'providers' => [ Illuminate\View\ViewServiceProvider::class,, <sub>(*7)</sub>

    Zae\StrictTransportSecurity\ServiceProvider\L5HTSTServiceProvider::class,
],

];, <sub>(*8)</sub>

Publish the config with `php artisan vendor:publish`. This file will be created at `config/hsts.php`.

### Laravel 4
Add the serviceprovider to the list of service providers: `Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider`

``` php
#app/config.php

'providers' => array(
    'Illuminate\Foundation\Providers\ArtisanServiceProvider',
    'Illuminate\Auth\AuthServiceProvider',

    'Zae\StrictTransportSecurity\ServiceProvider\L4HTSTServiceProvider',
),

Silex Example

``` php require DIR . '/../vendor/autoload.php';, <sub>(*9)</sub>

use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response;, <sub>(*10)</sub>

$app = new Silex\Application();, <sub>(*11)</sub>

$app->get('/', function(Request $request) { return new Response('Hello world!', 200); });, <sub>(*12)</sub>

$app = (new Stack\Builder()) ->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())]) ->resolve($app) ;, <sub>(*13)</sub>

$request = Request::createFromGlobals(); $response = $app->handle($request)->send();, <sub>(*14)</sub>

$app->terminate($request, $response);, <sub>(*15)</sub>

### Symfony Example
``` php
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Debug\Debug;

$loader = require_once __DIR__.'/../app/bootstrap.php.cache';
Debug::enable();

require_once __DIR__.'/../app/AppKernel.php';

$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();

$app = (new Stack\Builder())
    ->push('Zae\StrictTransportSecurity\Middleware\L4\StrictTransportSecurity', [new \Zae\StrictTransportSecurity\HSTS(new Illuminate\Config\Repository())])
    ->resolve($app)
;

$kernel = $stack->resolve($kernel);

Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

Testing

bash $ phpunit, <sub>(*16)</sub>

Contributing

Contributions are welcome via pull requests on github., <sub>(*17)</sub>

Credits

• Ezra Pool

License

The MIT License (MIT). Please see License File for more information., <sub>(*18)</sub>