fix test errors
API CI/CD / Validate (composer + pint) (push) Successful in 2m47s
API CI/CD / Test (PHPUnit) (push) Failing after 3m8s
API CI/CD / Build frontend assets (push) Failing after 5m22s
API CI/CD / Security audit (push) Failing after 34s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 2m47s
API CI/CD / Test (PHPUnit) (push) Failing after 3m8s
API CI/CD / Build frontend assets (push) Failing after 5m22s
API CI/CD / Security audit (push) Failing after 34s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
@@ -10,9 +10,27 @@ class SecurityHeaders
|
||||
{
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$requestId = (string) $request->headers->get('X-Request-Id', '');
|
||||
if ($requestId !== '' && ! preg_match('/^[A-Za-z0-9._:-]{1,128}$/', $requestId)) {
|
||||
$response = response()->json(['message' => 'Invalid request id.'], 400);
|
||||
$this->applySecurityHeaders($request, $response);
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/** @var Response $response */
|
||||
$response = $next($request);
|
||||
$this->applySecurityHeaders($request, $response);
|
||||
|
||||
if ($requestId !== '') {
|
||||
$response->headers->set('X-Request-Id', $requestId);
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
private function applySecurityHeaders(Request $request, Response $response): void
|
||||
{
|
||||
$headers = $response->headers;
|
||||
$headers->set('X-Content-Type-Options', 'nosniff');
|
||||
$headers->set('X-Frame-Options', 'DENY');
|
||||
@@ -22,7 +40,5 @@ class SecurityHeaders
|
||||
if ($request->isSecure()) {
|
||||
$headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user