Harden Headers (#2721)

* Basic security headers * Remove XSS Header (not relevent) * Fix config name * Use Arr::get() * Add tests * Re-fix the StoreConfig step for fresh installs Co-authored-by: luceos <luceos@users.noreply.github.com> Co-authored-by: Alexander Skvortsov <askvortsov1@users.noreply.github.com>
2025-10-29 14:36:17 +01:00 · 2021-05-03 12:42:06 -04:00
parent 9711af42ae
commit 7eea2476ca
7 changed files with 135 additions and 2 deletions
--- a/src/Install/Steps/StoreConfig.php
+++ b/src/Install/Steps/StoreConfig.php
@@ -55,10 +55,13 @@ class StoreConfig implements Step, ReversibleStep
    {
        return [
            'debug'    => $this->debugMode,
-            'poweredByHeader'  => true,
            'database' => $this->dbConfig->toArray(),
            'url'      => (string) $this->baseUrl,
            'paths'    => $this->getPathsConfig(),
+            'headers'  => [
+                'poweredByHeader'  => true,
+                'referrerPolicy' => 'same-origin',
+            ]
        ];
    }