implemented a lot of security measures

2025-12-09 20:29:32 +01:00
parent 4bdb93c171
commit 928d28fcaf
21 changed files with 953 additions and 134 deletions
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -5,6 +5,7 @@ use App\Http\Middleware\EnsureTenantAdminToken;
 use App\Http\Middleware\EnsureTenantCollaboratorToken;
 use App\Http\Middleware\HandleAppearance;
 use App\Http\Middleware\HandleInertiaRequests;
+use App\Http\Middleware\ResponseSecurityHeaders;
 use App\Http\Middleware\SetLocaleFromUser;
 use App\Http\Middleware\TenantIsolation;
 use Illuminate\Foundation\Application;
@@ -68,13 +69,16 @@ return Application::configure(basePath: dirname(__DIR__))
            \App\Http\Middleware\SetLocale::class,
            SetLocaleFromUser::class,
            HandleAppearance::class,
+            ResponseSecurityHeaders::class,
            \App\Http\Middleware\ContentSecurityPolicy::class,
            HandleInertiaRequests::class,
            AddLinkHeadersForPreloadedAssets::class,
            \App\Http\Middleware\RequestTimingMiddleware::class,
        ]);

-        $middleware->api(append: []);
+        $middleware->api(append: [
+            ResponseSecurityHeaders::class,
+        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //