SecurityHeadersFilter
extends Filter
in package
Security Headers Filter
Adds security headers to all HTTP responses to protect against common attacks:
- X-Frame-Options: Prevents clickjacking
- X-Content-Type-Options: Prevents MIME sniffing
- X-XSS-Protection: Legacy XSS protection for older browsers
- Referrer-Policy: Controls referrer information
- Content-Security-Policy: Restricts resource loading
- Strict-Transport-Security: Enforces HTTPS
Table of Contents
Properties
Methods
- __construct() : mixed
- getConfig() : array<string, mixed>
- Get current configuration
- post() : mixed|null
- pre() : mixed|null
- removeHeader() : self
- Remove a header from configuration
- setHeader() : self
- Update a specific header configuration
- addSecurityHeaders() : void
- Add security headers to the response
- headerExists() : bool
- Check if a header already exists
Properties
$_config
private
array<string, mixed>
$_config
$_postFn
private
Closure|null
$_postFn
$_preFn
private
Closure|null
$_preFn
Methods
__construct()
public
__construct([array<string, mixed> $config = [] ]) : mixed
Parameters
- $config : array<string, mixed> = []
-
Optional security header configuration
getConfig()
Get current configuration
public
getConfig() : array<string, mixed>
Return values
array<string, mixed>post()
public
post(RouteMap $route) : mixed|null
Parameters
- $route : RouteMap
Return values
mixed|nullpre()
public
pre(RouteMap $route) : mixed|null
Parameters
- $route : RouteMap
Return values
mixed|nullremoveHeader()
Remove a header from configuration
public
removeHeader(string $header) : self
Parameters
- $header : string
Return values
selfsetHeader()
Update a specific header configuration
public
setHeader(string $header, string $value) : self
Parameters
- $header : string
- $value : string
Return values
selfaddSecurityHeaders()
Add security headers to the response
protected
addSecurityHeaders() : void
headerExists()
Check if a header already exists
private
headerExists(string $headerName) : bool
Parameters
- $headerName : string