++ed by:
MHOWARD

1 PAUSE user

Renee Baecker
and 2 contributors

NAME

Mojolicious::Plugin::SecurityHeader - Mojolicious Plugin

VERSION

version 0.07

SYNOPSIS

  # Mojolicious
  $self->plugin('SecurityHeader');

  # define which security headers should be used
  $self->plugin('SecurityHeader' => [
      'Strict-Transport-Security' => -1,
      'X-Xss-Protection',
      'X-Content-Type-Options' => 'nosniff',
  ]);

  # Mojolicious::Lite
  plugin 'SecurityHeader';

DESCRIPTION

Mojolicious::Plugin::SecurityHeader is a Mojolicious plugin.

SECURITY HEADER

  • Strict-Transport-Security

  • Public-Key-Pins

  • Referrer-Policy

  • X-Content-Type-Options

  • X-Frame-Options

  • X-Xss-Protection

  • Access-Control-Allow-Origin

  • Access-Control-Expose-Headers

  • Access-Control-Max-Age

  • Access-Control-Allow-Credentials

  • Access-Control-Allow-Methods

  • Access-Control-Allow-Headers

METHODS

Mojolicious::Plugin::SecurityHeader inherits all methods from Mojolicious::Plugin and implements the following new ones.

register

  $plugin->register(Mojolicious->new);

Register plugin in Mojolicious application.

CORS SUPPORT

Since version 0.06 this plugin also supports CORS. There's already Mojolicious::Plugin::CORS, but unlike that module, with the SecurityHeader plugin all CORS related headers are configurable.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicious.org. Mojolicious::Plugin::CORS

AUTHOR

Renee Baecker <reneeb@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Renee Baecker.

This is free software, licensed under:

  The Artistic License 2.0 (GPL Compatible)