@@ -34,22 +34,19 @@ Then proceed to configuration.
3434Configuration <a name =" configuration " ></a >
3535------------
3636
37+ The version 1.1 is a Module implementation.
3738
38- > ** IMPORTANT:** If you don't setup your configuration no header will be sent.
39-
40-
41- An example of configuration:
42-
39+ Module _ securityHeader_ sample configuration in main.php
4340
4441
45- Class Response configuration in main.php
46-
4742``` php
4843[
49- 'components' => [
50- 'response' => [
51- 'class' => 'bicf\securityheaders\components\Response',
52- 'on afterPrepare' => ['bicf\securityheaders\components\Response','addSecurityHeaders'],
44+ 'bootstrap'=>[
45+ 'securityHeader',
46+ ],
47+ 'modules' => [
48+ 'securityHeader' => [
49+ 'class' => bicf\securityheaders\Module::class,
5350 'modules' => [
5451 'XContentTypeOptions'=>[
5552 'class' => 'bicf\securityheaders\modules\HeaderXContentTypeOptions',
@@ -95,8 +92,12 @@ Class Response configuration in main.php
9592 ],
9693 ],
9794 ],
98- ]
9995
96+ 'components' => [
97+ // components stuff
98+ // no need to add anything
99+ ],
100+ ]
100101```
101102
102103
@@ -252,3 +253,67 @@ public function actionIndex() {
252253
253254
254255
256+
257+ Legacy Implementation <a name="legacy_configuration"></a>
258+ --------------------
259+
260+ This is the old implementation, extending the Request Class.
261+
262+ > **IMPORTANT:** If you don't setup your configuration no header will be sent.
263+
264+ An example of configuration:
265+
266+ ` ` `
267+ [
268+ ' components' => [
269+ ' response' => [
270+ ' class' => ' bicf\s ecurityheaders\c omponents\R esponse'
271+ ' on afterPrepare' => [' bicf\s ecurityheaders\c omponents\R esponse' ' addSecurityHeaders'
272+ ' modules' => [
273+ ' XContentTypeOptions' => [
274+ ' class' => ' bicf\s ecurityheaders\m odules\H eaderXContentTypeOptions'
275+ ' value' => ' nosniff'
276+ ],
277+ ' AccessControlAllowMethods' => [
278+ ' class' => ' bicf\s ecurityheaders\m odules\H eaderAccessControlAllowMethods'
279+ ' value' => ' GET'
280+ ],
281+ ' AccessControlAllowOrigin' => [
282+ ' class' => ' bicf\s ecurityheaders\m odules\H eaderAccessControlAllowOrigin'
283+ ' value' => ' https://api.example.com'
284+ ],
285+ ' ContentSecurityPolicyAcl' => [
286+ ' class' => ' bicf\s ecurityheaders\m odules\H eaderContentSecurityPolicyAcl'
287+ ' enabled' => false ,
288+ ' policies' => [
289+ ' default-src' => " 'self'"
290+ ' frame-src' => " 'self' www.facebook.com www.youtube.com www.google.com"
291+ ' img-src' => " 'self' www.google-analytics.com"
292+ ' font-src' => " 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com"
293+ ' media-src' => " 'self'"
294+ ' script-src' => " 'self' www.google-analytics.com"
295+ ' style-src' => " 'self' maxcdn.bootstrapcdn.com"
296+ ' connect-src' => " 'self'"
297+ ' report-uri' => " /report-csp-acl"
298+ ],
299+ ],
300+ ' ContentSecurityPolicyMonitor' => [
301+ ' class' => ' bicf\s ecurityheaders\m odules\H eaderContentSecurityPolicyMonitor'
302+ ' policies' => [
303+ ' default-src' => " 'self'"
304+ ' frame-src' => " 'self' www.facebook.com www.youtube.com www.google.com"
305+ ' img-src' => " 'self' www.google-analytics.com"
306+ ' font-src' => " 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com"
307+ ' media-src' => " 'self'"
308+ ' script-src' => " 'self' www.google-analytics.com"
309+ ' style-src' => " 'self' maxcdn.bootstrapcdn.com"
310+ ' connect-src' => " 'self'"
311+ ' report-uri' => " /report-csp-acl"
312+ ],
313+ ],
314+ ],
315+ ],
316+ ],
317+ ]
318+
319+ ` ` `
0 commit comments