/ 
Mojolicious-Plugin-SecurityHeader-0.07
River stage zero No dependents
/ Mojolicious::Plugin::SecurityHeader

NAME

Mojolicious::Plugin::SecurityHeader - Mojolicious Plugin

VERSION

version 0.07

SYNOPSIS

# Mojolicious
$self->plugin('SecurityHeader');

# define which security headers should be used
$self->plugin('SecurityHeader' => [
    'Strict-Transport-Security' => -1,
    'X-Xss-Protection',
    'X-Content-Type-Options' => 'nosniff',
]);

# Mojolicious::Lite
plugin 'SecurityHeader';

DESCRIPTION

Mojolicious::Plugin::SecurityHeader is a Mojolicious plugin.

SECURITY HEADER

  • Strict-Transport-Security

  • Public-Key-Pins

  • Referrer-Policy

  • X-Content-Type-Options

  • X-Frame-Options

  • X-Xss-Protection

  • Access-Control-Allow-Origin

  • Access-Control-Expose-Headers

  • Access-Control-Max-Age

  • Access-Control-Allow-Credentials

  • Access-Control-Allow-Methods

  • Access-Control-Allow-Headers

METHODS

Mojolicious::Plugin::SecurityHeader inherits all methods from Mojolicious::Plugin and implements the following new ones.

register

$plugin->register(Mojolicious->new);

Register plugin in Mojolicious application.

CORS SUPPORT

Since version 0.06 this plugin also supports CORS. There's already Mojolicious::Plugin::CORS, but unlike that module, with the SecurityHeader plugin all CORS related headers are configurable.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicious.org. Mojolicious::Plugin::CORS

AUTHOR

Renee Baecker <reneeb@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Renee Baecker.

This is free software, licensed under:

The Artistic License 2.0 (GPL Compatible)