Protect your Laravel-based websites from iframe embed


Just another tip for the day: to protect your Laravel sites from being embedded in an iframe, use this hidden middleware, FrameGuard.


\Illuminate\Http\Middleware\FrameGuard::class

What it does is simple: it sets the X-Frame-Options response header to SAMEORIGIN, so browsers refuse to render the page in a frame on another origin. Here is the code as implemented in Laravel:


namespace Illuminate\Http\Middleware;

use Closure;
class FrameGuard
{
    /**
     * Handle the given request and get the response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
        return $response;
    }
}
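
To confirm the middleware is actually covering a route, here is an added example (not code from the original post or from Laravel itself): a feature test that attaches FrameGuard to one route and checks the header, and shows that a route without it carries no framing restriction. It assumes a standard Laravel application skeleton with the `Tests\TestCase` base class and no global FrameGuard registration; the routes `/_framed` and `/_unframed` are hypothetical and exist only for this test.

```php
<?php

namespace Tests\Feature;

use Illuminate\Http\Middleware\FrameGuard;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class FrameGuardTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();

        // Constructed routes, registered only for the duration of this test.
        // The first goes through FrameGuard, the second does not.
        Route::middleware(FrameGuard::class)->get('/_framed', function () {
            return 'ok';
        });

        Route::get('/_unframed', function () {
            return 'ok';
        });
    }

    public function test_frameguard_route_sends_sameorigin(): void
    {
        // The middleware runs after the route handler and adds the header.
        $this->get('/_framed')
            ->assertOk()
            ->assertHeader('X-Frame-Options', 'SAMEORIGIN');
    }

    public function test_route_without_frameguard_is_not_protected(): void
    {
        // Assumption: FrameGuard is not registered globally in this app.
        // Any route outside the middleware's scope ships without the header.
        $this->get('/_unframed')
            ->assertOk()
            ->assertHeaderMissing('X-Frame-Options');
    }
}
```

Once FrameGuard is registered for every route, the second test fails, which is the signal that no response is leaving the application without the header.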