added various tests for playwright
@@ -105,6 +105,10 @@ class Handler extends ExceptionHandler
|
||||
|
||||
private function configureSentryScope(): void
|
||||
{
|
||||
if (! function_exists('\Sentry\configureScope')) {
|
||||
return;
|
||||
}
|
||||
|
||||
\Sentry\configureScope(function (Scope $scope): void {
|
||||
$user = Auth::user();
|
||||
|
||||
|
||||
@@ -34,11 +34,14 @@ class Kernel extends HttpKernel
|
||||
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\EnsureXsrfCookie::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
\App\Http\Middleware\SetLocaleFromRequest::class,
|
||||
\App\Http\Middleware\HandleInertiaRequests::class,
|
||||
\Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
|
||||
\App\Http\Middleware\ContentSecurityPolicy::class,
|
||||
\App\Http\Middleware\ResponseSecurityHeaders::class,
|
||||
],
|
||||
|
||||
'api' => [
|
||||
|
||||
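Review bot: `EnsureXsrfCookie` is listed ahead of `VerifyCsrfToken` in the `web` group, so its response-side code runs after the CSRF middleware has returned. On a first GET its `XSRF-TOKEN` cookie therefore replaces any cookie with the same name, path and domain that the inner middleware attached. Laravel's stock `VerifyCsrfToken` already issues that cookie from the `session.*` settings, so unless the app's subclass (not shown on this page) turns that off, the group now has two issuers with different attributes. A comment on the entry would help, for example `// Issues XSRF-TOKEN on the first GET; must stay after StartSession because it calls csrf_token()`. The array opens above the hunk, so the cookie-encryption entry cannot be checked from here.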
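--- a/app/Http/Middleware/EncryptCookies.php
+++ b/app/Http/Middleware/EncryptCookies.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Illuminate\Cookie\Middleware\EncryptCookies as Middleware;
+
+class EncryptCookies extends Middleware
+{
+/**
+* The names of the cookies that should not be encrypted.
+*
+* @var list<string>
+*/
+protected $except = [
+'XSRF-TOKEN',
+];
+}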
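Review bot: Listing `XSRF-TOKEN` in `$except` sends the session's CSRF token in the cookie as plaintext, and the class carries no comment saying why. Laravel's stock `VerifyCsrfToken` decrypts the `X-XSRF-TOKEN` header, so a client that echoes this cookie into that header (the axios default) will be rejected unless `App\Http\Middleware\VerifyCsrfToken`, which is not on this page, accepts a plaintext value. If the exemption exists only for the Playwright suite, it should be limited to the test environment so production keeps the encrypted cookie. At minimum add a line such as `// XSRF-TOKEN is left unencrypted because <reason>; VerifyCsrfToken must accept the plaintext form`.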
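--- a/app/Http/Middleware/EnsureXsrfCookie.php
+++ b/app/Http/Middleware/EnsureXsrfCookie.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureXsrfCookie
+{
+public function handle(Request $request, Closure $next): Response
+{
+/** @var Response $response */
+$response = $next($request);
+
+if ($request->isMethod('GET') && ! $request->cookies->has('XSRF-TOKEN')) {
+$response->headers->setCookie(
+cookie(
+name: 'XSRF-TOKEN',
+value: csrf_token(),
+minutes: 120,
+path: '/',
+domain: null,
+secure: $request->isSecure(),
+httpOnly: false,
+raw: false,
+sameSite: 'lax'
+)
+);
+}
+
+return $response;
+}
+}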
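Review bot: The cookie attributes in `handle()` are hard-coded instead of being read from the session configuration, so this cookie can drift from the session cookie it belongs to. `minutes: 120`, `domain: null` and `sameSite: 'lax'` ignore `config('session.lifetime')`, `config('session.domain')` and `config('session.same_site')`. The one that matters most is `secure: $request->isSecure()`: behind a TLS-terminating proxy without trusted-proxy configuration `isSecure()` is false, and the token cookie goes out without the Secure flag. I would take the values from config, e.g. `secure: config('session.secure'),` and `minutes: (int) config('session.lifetime'),`. A class docblock should also state that the cookie is only issued on GET requests that arrive without one.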
@@ -26,7 +26,9 @@ class ResponseSecurityHeaders
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->isSecure() && ! app()->environment(['local', 'testing'])) {
|
||||
$forceHsts = (bool) config('security_headers.force_hsts', false);
|
||||
|
||||
if ($forceHsts || ($request->isSecure() && ! app()->environment(['local', 'testing']))) {
|
||||
$hsts = 'max-age=31536000; includeSubDomains';
|
||||
if (! $response->headers->has('Strict-Transport-Security')) {
|
||||
$response->headers->set('Strict-Transport-Security', $hsts);
|
||||
|
||||
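Review bot: With `$forceHsts ||` at the front of the condition, the flag bypasses both the `isSecure()` check and the `local`/`testing` exclusion, not just one of them. Browsers ignore `Strict-Transport-Security` received over plain HTTP, so forcing it there achieves nothing. Forcing it over HTTPS in a local or test environment pins that host and every subdomain to HTTPS for a year through `max-age=31536000; includeSubDomains`. If the intent is only to lift the environment exclusion, `if ($request->isSecure() && ($forceHsts || ! app()->environment(['local', 'testing']))) {` keeps the transport check. If the flag is meant for deployments behind a TLS-terminating proxy, trusted-proxy configuration would make `isSecure()` correct and the flag unnecessary. Either way, `security_headers.force_hsts` needs a comment where it is defined, which is not visible on this page, saying when it may be enabled.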