Laravel Response Header Middleware
1.Response Header Middleware Minimum security measures
<?php
namespace App\Http\Middleware;
use Closure;
class AddResponseHeader
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$response->headers->set('AuthKey', $request->header('AuthKey'));
$response->headers->set('Access-Control-Expose-Headers', 'Content-Disposition');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'AuthKey, Cache-Control, Content-Type, X-Content-Type-Options, X-Requested-With');
$response->headers->set('Cache-Control', 'no-cache');
$response->headers->set('Content-Type', 'application/json; charset=utf-8');
$response->headers->set('Strict-Transport-Security', 'max-age=31536000');
$response->headers->set('X-Content-Type-Options', 'nosniff');
$response->headers->set('X-XSS-Protection', '1; mode=block');
$response->headers->set('X-Frame-Options', 'deny');
$response->headers->set('Access-Control-Allow-Headers ', 'deny');
$response->headers->set('X-Frame-Options', 'deny');
$response->headers->set('Access-Control-Allow-Origin', '*');
return $response;
}
}