sneha
July 7, 2020, 7:10am
1
I am using SecurityHeadersMiddleware in Cake 3.6
and added these lines to the middleware in the application.php file:
$securityHeaders = new SecurityHeadersMiddleware();
$securityHeaders
    ->setCrossDomainPolicy()
    ->setReferrerPolicy()
    ->setXFrameOptions()
    ->setXssProtection(1)
    ->noOpen()
    ->noSniff();
$middlewareQueue->add($securityHeaders);
But the headers are still not set in my application. Do I need to do something else?
Need help as I need to resolve these security issues.
spadeX
July 11, 2020, 12:45pm
2
I do not use the middleware, but I went through the CakeBook and got code like this:
use Cake\Http\Middleware\SecurityHeadersMiddleware;

$securityHeaders = new SecurityHeadersMiddleware();
$securityHeaders
    ->setCrossDomainPolicy()
    ->setReferrerPolicy()
    ->setXFrameOptions()
    ->setXssProtection()
    ->noOpen()
    ->noSniff();
$middlewareQueue->add($securityHeaders);
->setXssProtection(1): does this need to be set to 1 or not? I am not familiar with the code; try looking at your code.
sneha
July 14, 2020, 6:17am
3
I did the same, but could not find my headers set.
Thanks.
Good afternoon, and happy launch with coffee.
To prevent dangerous HTML tags, there is a simple trick:
place the code below in your TableMethod.
use Cake\Event\Event;
use ArrayObject;

// Removes all dangerous HTML tags
public function beforeMarshal(Event $event, ArrayObject $data, ArrayObject $options)
{
    foreach ($data as $key => $cafein) {
        if (is_string($cafein)) {
            $data[$key] = trim(strip_tags($cafein));
        }
    }
}
bizdev
July 16, 2020, 12:06pm
5
@sneha Which header(s) are you trying to set?
sneha
July 17, 2020, 2:31am
6
Thanks.
The middleware helped.
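One way to confirm whether the headers discussed in this thread actually reach the client, as an added example that is not part of any post above and not CakePHP's own code. The call-to-header mapping is an assumption to verify against your CakePHP version, and the sample response is constructed.

```php
<?php
// Added example. Maps each middleware call from the thread to the header
// name it is assumed to emit; verify against your CakePHP version.
const EXPECTED_HEADERS = [
    'setCrossDomainPolicy' => 'x-permitted-cross-domain-policies',
    'setReferrerPolicy'    => 'referrer-policy',
    'setXFrameOptions'     => 'x-frame-options',
    'setXssProtection'     => 'x-xss-protection',
    'noOpen'               => 'x-download-options',
    'noSniff'              => 'x-content-type-options',
];

// Parse a raw header block into a lower-cased name => value map
// (HTTP header names are case-insensitive).
function parseHeaders(string $raw): array
{
    $headers = [];
    foreach (preg_split('/\r\n|\n/', trim($raw)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or blank line
        }
        list($name, $value) = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return $headers;
}

// Return [call => header name] for every expected header that is absent.
function missingSecurityHeaders(string $raw): array
{
    $present = parseHeaders($raw);
    return array_filter(EXPECTED_HEADERS, function ($name) use ($present) {
        return !array_key_exists($name, $present);
    });
}

// Constructed sample response: two of the six headers are missing.
$sample = "HTTP/1.1 200 OK\r\n"
    . "Content-Type: text/html; charset=UTF-8\r\n"
    . "X-Frame-Options: sameorigin\r\n"
    . "X-Content-Type-Options: nosniff\r\n"
    . "Referrer-Policy: same-origin\r\n"
    . "X-XSS-Protection: 1\r\n";

foreach (missingSecurityHeaders($sample) as $call => $header) {
    echo "missing {$header} (expected from {$call}())\n";
}
```

Replace `$sample` with the raw response headers captured from your own application to see which calls are not taking effect.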