使用 Laravel,我正在尝试将自定义标头添加到服务器的所有响应中。
我在 filters.php 中有以下内容:
我在 filters.php 中有以下内容:
App::after(function($request, $response)
{
// security related
$response->headers->set('X-Frame-Options','deny'); // Anti clickjacking
$response->headers->set('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS)
$response->headers->set('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks
$response->headers->set('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff
// Don't cache stuff (we'll be updating the page frequently)
$response->headers->set('Cache-Control', 'nocache, no-store, max-age=0, must-revalidate');
$response->headers->set('Pragma', 'no-cache');
$response->headers->set('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
// CRITICAL: do NOT delete
$response->headers->set('X-Archer', 'DANGER ZONE');
});
当我测试它时,没有新的标头出现:
[tesla | ~] => curl -o/dev/null -s -D - localhost
HTTP/1.1 200 OK
Date: Wed, 10 Dec 2014 23:13:30 GMT
Server: Apache
X-Powered-By: PHP/5.6.2
Content-Length: 974
Content-Type: text/html; charset=UTF-8
[tesla | ~] =>
我的日志文件中没有任何错误或警告。这是怎么回事?
header()
而不是headers->set()
。http://laravel.com/docs/4.2/responses - mopo922App::after
中会产生一个错误,指出头已经被发送,但将其放置在App:before
中可以正常工作。我只是希望有一种更 Laravel 的方式来处理它 :) - 735Tesla