2014-12-10 153 views
5

Using Laravel, I am trying to add my own headers to all responses from the server.

Laravel not adding custom headers

I have the following in filters.php:

App::after(function($request, $response) 
{ 
    // security related 
    $response->headers->set('X-Frame-Options','deny'); // Anti clickjacking 
    $response->headers->set('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS) 
    $response->headers->set('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks 
    $response->headers->set('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff 
    // Don't cache stuff (we'll be updating the page frequently) 
    $response->headers->set('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
    $response->headers->set('Pragma', 'no-cache'); 
    $response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT'); 
    // CRITICAL: do NOT delete 
    $response->headers->set('X-Archer', 'DANGER ZONE'); 
}); 

However, none of the new headers show up when I test it:

[tesla | ~] => curl -o/dev/null -s -D - localhost 
HTTP/1.1 200 OK 
Date: Wed, 10 Dec 2014 23:13:30 GMT 
Server: Apache 
X-Powered-By: PHP/5.6.2 
Content-Length: 974 
Content-Type: text/html; charset=UTF-8 

[tesla | ~] => 

I have no errors or warnings in my log files. How is this possible?

+0

Which version of Laravel?

return Response::view('view_name', [ 'data' => $data, ])->header('X-Frame-Options','deny'); 

In 4, it's 'header()' instead of 'headers->set()' http://laravel.com/docs/4.2/responses – mopo922 2014-12-10 23:45:26

+0

@mopo922 I am using 4.2, but changing it to '$response->header('key','val')' didn't change anything – 735Tesla 2014-12-10 23:55:16

+0

Another thing you could try is just plain PHP 'header()' – mopo922 2014-12-10 23:57:08

Answers

4

Try this: in the controller function that calls the view, follow with a call to the 'Response' class:

$contents = View::make('your_view')->with('data', $data); 
$response = Response::make($contents, 200); 
$response->header('X-Frame-Options','deny'); // Anti clickjacking 
$response->header('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS) 
$response->header('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks 
$response->header('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff 
// Don't cache stuff (we'll be updating the page frequently)
$response->header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate');
$response->header('Pragma', 'no-cache'); 
$response->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT'); 
return $response; 

Of course, you could refactor the above and put it in a helper function.

+0

That did it! Thanks! – 735Tesla 2014-12-15 01:54:43

+0

'$response->header('X-Archer','DANGER ZONE');' Why? – 2016-06-21 15:39:09

+0

@LukasBernhard - You can ignore that custom header. Removed. – FredTheWebGuy 2016-08-07 23:53:45
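
A repeatable version of the `curl -D -` check from the question, as an added example that is not part of the original posts: it parses a header dump and reports which of the security and cache headers from the code above are missing or differ. The function names and FIXED_DUMP are constructed for illustration; PAGE_DUMP is the output shown in the question.

```python
# Added example. Expected values come from the PHP on this page; function names
# and FIXED_DUMP are constructed for illustration.
EXPECTED = {
    "X-Frame-Options": "deny",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",
    "Pragma": "no-cache",
}
REQUIRED_CACHE_DIRECTIVES = {"no-store", "must-revalidate"}

PAGE_DUMP = """HTTP/1.1 200 OK
Date: Wed, 10 Dec 2014 23:13:30 GMT
Server: Apache
X-Powered-By: PHP/5.6.2
Content-Length: 974
Content-Type: text/html; charset=UTF-8
"""
# Constructed: the same response once the headers are applied (names lowercased
# on purpose, since header names are case-insensitive).
FIXED_DUMP = PAGE_DUMP + "".join(f"{k.lower()}: {v}\n" for k, v in EXPECTED.items()) \
    + "Cache-Control: no-cache, no-store, max-age=0, must-revalidate\n"

def parse_header_dump(dump):
    """Parse `curl -D -` output into {lowercased name: [values]} for the final response."""
    headers = {}
    for line in dump.splitlines():
        line = line.rstrip()
        if line.upper().startswith("HTTP/"):
            headers = {}  # new status line (redirect, 100-continue): start over
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(dump):
    """Return {header: problem} for every expected header that is missing or differs."""
    got, problems = parse_header_dump(dump), {}
    for name, want in EXPECTED.items():
        values = got.get(name.lower())
        if values is None:
            problems[name] = "missing"
        elif want not in values:
            problems[name] = "got " + repr(values)
    directives = {d.strip().lower() for v in got.get("cache-control", []) for d in v.split(",")}
    lacking = REQUIRED_CACHE_DIRECTIVES - directives
    if lacking:
        problems["Cache-Control"] = "lacks " + ", ".join(sorted(lacking))
    return problems
```

Feed it the text captured from `curl -o/dev/null -s -D - localhost`; an empty result means every expected header reached the client.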