Handles common security headers in a convenient way
string
'all'
string
'allow-from'
string
'by-content-type'
string
'by-ftp-filename'
string
'deny'
string
'master-only'
string
'none'
string
'noopen'
string
'nosniff'
string
'no-referrer'
string
'no-referrer-when-downgrade'
string
'origin'
string
'origin-when-cross-origin'
string
'sameorigin'
string
'same-origin'
string
'strict-origin'
string
'strict-origin-when-cross-origin'
string
'unsafe-url'
string
'block'
string
'0'
string
'1'
string
'1; mode=block'
array
Security related headers to set
checkValues(string $value, array $allowed)
Convenience method to check if a value is in the list of allowed args
string
$value Value to check
string[]
$allowed List of allowed values
InvalidArgumentException
noOpen()
X-Download-Options
Sets the X-Download-Options header value to 'noopen'
$this
noSniff()
X-Content-Type-Options
Sets the X-Content-Type-Options header value to 'nosniff'
$this
process(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler)
Serve assets if the path matches one.
\Psr\Http\Message\ServerRequestInterface
$request The request.
\Psr\Http\Server\RequestHandlerInterface
$handler The request handler.
\Psr\Http\Message\ResponseInterface
A response.
setCrossDomainPolicy(string $policy)
X-Permitted-Cross-Domain-Policies
string
$policy optional Policy value. Available Values: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename'
$this
setReferrerPolicy(string $policy)
Referrer-Policy
string
$policy optional Policy value. Available Values: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
$this
setXFrameOptions(string $option, ?string $url)
X-Frame-Options
string
$option optional Option value. Available Values: 'deny', 'sameorigin', 'allow-from'
string
$url optional URL if mode is allow-from
$this
setXssProtection(string $mode)
X-XSS-Protection
string
$mode optional Mode value. Available Values: '1', '0', 'block'
$this
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Http.Middleware.SecurityHeadersMiddleware.html