首頁 探索 說明
註冊 登入
parisio
/
leezard
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
分支: ferrari
分支列表 標籤列表
leezard
/
app
/
Http
/
Middleware
/
HstsMiddleware.php

HstsMiddleware.php 809 B
永久連結 文件歷史 原始文件

12345678910111213141516171819202122232425262728293031 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Middleware;
    4. 

  4. 

  5. use Closure;
    6. 

  6. use Illuminate\Http\Request;
    7. 

  7. 

  8. class HstsMiddleware
    9. 

  9. {
    10. 

  10.     /**
    11. 

  11.      * Handle an incoming request.
    12. 

  12.      *
    13. 

  13.      * @param  \Illuminate\Http\Request  $request
    14. 

  14.      * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
    15. 

  15.      * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
    16. 

  16.      */
    17. 

  17.     public function handle(Request $request, Closure $next)
    18. 

  18.     {
    19. 

  19.         $response = $next($request);
    20. 

  20. 

  21.         // Applica l’header HSTS solo se la richiesta è HTTPS
    22. 

  22.         if ($request->isSecure()) {
    23. 

  23.             $response->headers->set(
    24. 

  24.                 'Strict-Transport-Security',
    25. 

  25.                 'max-age=31536000; includeSubDomains'
    26. 

  26.             );
    27. 

  27.         }
    28. 

  28. 

  29.         return $response;
    30. 

  30.     }
    31. 

  31. }
    32.