htmllaraveliframewebsecurityclickjacking

How to set X-Frame-Options in laravel project?


I want to prevent my website from clickJacking attack. In which file and where to set X-Frame-Options for preventing clickJacking attack.


Solution

  • You have 2 ways:

    add_header X-Frame-Options "SAMEORIGIN";
    
    <?php
    
    namespace Illuminate\Http\Middleware;
    
    use Closure;
    
    class FrameGuard
    {
        /**
         * Handle the given request and get the response.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return \Symfony\Component\HttpFoundation\Response
         */
        public function handle($request, Closure $next)
        {
            $response = $next($request);
    
            $response->headers->set('X-Frame-Options', 'SAMEORIGIN', false);
    
            return $response;
        }
    }