Just another tip for the day: to protect your Laravel sites from being embedded in an iframe, use this hidden middleware, FrameGuard.

`\Illuminate\Http\Middleware\FrameGuard::class`

What it does is simple: it sets the `X-Frame-Options` header to `SAMEORIGIN`. Here is the code as implemented in Laravel:
```php
namespace Illuminate\Http\Middleware;

use Closure;

class FrameGuard
{
    /**
     * Handle the given request and get the response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);

        $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);

        return $response;
    }
}
```
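To confirm the header is actually sent once the middleware is attached, here is a feature test, added as an example and not part of the original post or of Laravel itself. It assumes a stock Laravel application with no other code setting `X-Frame-Options`. The file name `tests/Feature/FrameGuardTest.php` and the `/_frameguard/*` routes are made up for the test. The last case shows what the `false` third argument to `set()` does when a response already carries a value.

```php
<?php
// tests/Feature/FrameGuardTest.php (hypothetical path; run with `php artisan test`)

namespace Tests\Feature;

use Illuminate\Http\Middleware\FrameGuard;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class FrameGuardTest extends TestCase
{
    public function test_guarded_route_sends_sameorigin(): void
    {
        // Throwaway route registered only for this test, with FrameGuard attached.
        Route::get('/_frameguard/on', fn () => 'ok')->middleware(FrameGuard::class);

        $this->get('/_frameguard/on')
            ->assertOk()
            ->assertHeader('X-Frame-Options', 'SAMEORIGIN');
    }

    public function test_unguarded_route_sends_no_header(): void
    {
        // Without the middleware nothing sets the header (assumes a stock app).
        Route::get('/_frameguard/off', fn () => 'ok');

        $this->get('/_frameguard/off')
            ->assertOk()
            ->assertHeaderMissing('X-Frame-Options');
    }

    public function test_existing_value_is_kept_not_replaced(): void
    {
        // The route sets its own, stricter value before FrameGuard sees the response.
        Route::get('/_frameguard/deny', function () {
            return response('ok')->header('X-Frame-Options', 'DENY');
        })->middleware(FrameGuard::class);

        $values = $this->get('/_frameguard/deny')->headers->all('x-frame-options');

        // set(..., false) appends instead of overwriting, so both values are present.
        $this->assertSame(['DENY', 'SAMEORIGIN'], $values);
    }
}
```

Because an existing value is kept and `SAMEORIGIN` is appended, a route that sets its own `X-Frame-Options` should not also run FrameGuard, otherwise the response carries two values for the header.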