🔒 Add treblle security headers middleware

Author: mckenziearts

projects/default-graphql/core/Http/Kernel.php

@@ -6,7 +6,7 @@
 
 use App\Http\Middleware\CacheHeaders;
 use App\Http\Middleware\EnsureEmailIsVerified;
-use App\Http\Middleware\JsonApiResponseMiddleware;
+use App\Http\Middleware\ContentTypeMiddleware;
 use App\Http\Middleware\PreventRequestsDuringMaintenance;
 use App\Http\Middleware\TrimStrings;
 use App\Http\Middleware\TrustProxies;
@@ -37,7 +37,7 @@ final class Kernel extends HttpKernel
 
         'api' => [
             ThrottleRequests::class.':api',
-            JsonApiResponseMiddleware::class,
+            ContentTypeMiddleware::class,
             CacheHeaders::class,
         ],
     ];

projects/default/.env.example

@@ -1,4 +1,4 @@
-APP_NAME=Laravel
+APP_NAME="Laravel API Skeleton"
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
@@ -11,7 +11,7 @@ LOG_LEVEL=debug
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
 DB_PORT=3306
-DB_DATABASE=api_boilerplate_laravel
+DB_DATABASE=api
 DB_USERNAME=root
 DB_PASSWORD=
 

projects/default/README.md

@@ -1,8 +1,8 @@
-# Laravel API Skeleton - Default
+# Laravel API Skeleton - Example
 This project is a skeleton for building an API with Laravel. It is the simplest skeleton and contains only the basic packages to build an API.
 
 ## Installation
 
 ```bash
-composer require laravelcm/api-skeleton-default
+composer require laravelcm/api-skeleton
 ```

projects/default/app/Http/Middleware/JsonApiResponseMiddleware.php renamed to projects/default/app/Http/Middleware/ContentTypeMiddleware.php

@@ -8,7 +8,7 @@
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;
 
-final class JsonApiResponseMiddleware
+final class ContentTypeMiddleware
 {
     public function handle(Request $request, Closure $next): Response
     {
@@ -17,10 +17,10 @@ public function handle(Request $request, Closure $next): Response
          */
         $response = $next($request);
 
-        $response->headers->set(
-            key: 'Content-Type',
-            values: 'application/vnd.api+json',
-        );
+        $response->headers->add([
+            'Accept' => 'application/json',
+            'Content-Type' => 'application/vnd.api+json',
+        ]);
 
         return $response;
     }

projects/default/app/Http/Middleware/Security/XFrameOptionMiddleware.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware\Security;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+final class XFrameOptionMiddleware
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        /**
+         * @var Response $response
+         */
+        $response = $next($request);
+
+        $response->headers->add([
+            'X-Frame-Options' => 'deny',
+        ]);
+
+        return $response;
+    }
+}

projects/default/composer.json

@@ -20,7 +20,8 @@
     "laravel/framework": "^10.2",
     "laravel/sanctum": "^3.2.1",
     "laravel/tinker": "^2.8.1",
-    "timacdonald/json-api": "v1.0.0-beta.4"
+    "timacdonald/json-api": "v1.0.0-beta.4",
+    "treblle/security-headers": "^0.0.3"
   },
   "require-dev": {
     "fakerphp/faker": "^1.21.0",