33 lines
756 B
PHP
33 lines
756 B
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
|
|
class FrameGuard
|
|
{
|
|
/**
|
|
* Handle the given request and get the response.
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
$response = $next($request);
|
|
|
|
$x_frame_options = config('app.x_frame_options');
|
|
|
|
if (false !== $x_frame_options
|
|
&& $x_frame_options !== 'false'
|
|
&& $x_frame_options !== '0'
|
|
) {
|
|
$value = 'SAMEORIGIN';
|
|
|
|
if (is_string($x_frame_options) && preg_match("#(DENY|SAMEORIGIN|ALLOW-FROM)#i", $x_frame_options)) {
|
|
$value = $x_frame_options;
|
|
}
|
|
$response->headers->set('X-Frame-Options', $value, false);
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
}
|