fix test errors
API CI/CD / Validate (composer + pint) (push) Successful in 2m47s
API CI/CD / Test (PHPUnit) (push) Failing after 3m8s
API CI/CD / Build frontend assets (push) Failing after 5m22s
API CI/CD / Security audit (push) Failing after 34s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped

This commit is contained in:
root
2026-06-26 15:37:03 -04:00
parent 2ad6e9cf02
commit 5e35fefd69
56 changed files with 313 additions and 86 deletions
+18 -2
View File
@@ -10,9 +10,27 @@ class SecurityHeaders
{
public function handle(Request $request, Closure $next): Response
{
$requestId = (string) $request->headers->get('X-Request-Id', '');
if ($requestId !== '' && ! preg_match('/^[A-Za-z0-9._:-]{1,128}$/', $requestId)) {
$response = response()->json(['message' => 'Invalid request id.'], 400);
$this->applySecurityHeaders($request, $response);
return $response;
}
/** @var Response $response */
$response = $next($request);
$this->applySecurityHeaders($request, $response);
if ($requestId !== '') {
$response->headers->set('X-Request-Id', $requestId);
}
return $response;
}
private function applySecurityHeaders(Request $request, Response $response): void
{
$headers = $response->headers;
$headers->set('X-Content-Type-Options', 'nosniff');
$headers->set('X-Frame-Options', 'DENY');
@@ -22,7 +40,5 @@ class SecurityHeaders
if ($request->isSecure()) {
$headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
}
return $response;
}
}