Yii2 security headers extension
github url: github.com/hyperia-sk/yii2-secure-headers
Add security related headers to HTTP response. The package includes extension for easy Yii2 integration.
Installation
composer require hyperia/yii2-secure-headers:"1.0.0"
Configuration (usage)
'bootstrap' => [..., 'headers'],
'components' => [
...
'headers' => [
'class' => '\hyperia\security\Headers',
'upgradeInsecureRequests' => true,
'blockAllMixedContent' => true,
'stsMaxAge' => 10,
'xFrameOptions' => 'DENY',
'xPoweredBy' => 'Hyperia',
'publicKeyPins' => '',
'cspDirectives' => [
'script-src' => "'self' 'unsafe-inline'",
'style-src' => "'self' 'unsafe-inline'",
'img-src' => "'self' data:",
'connect-src' => "'self'",
'font-src' => "'self'",
'object-src' => "'self'",
'media-src' => "'self'",
'form-action' => "'self'",
'frame-src' => "'self'",
'child-src' => "'self'"
]
]
]