search

dotkernel / api

DotKernel's PSR-7 REST style API built around the Mezzio API skeleton.
https://docs.dotkernel.org/api-documentation/
MIT License
35 stars 5 forks source link

add extra Headers #33

Closed arhimede closed 3 years ago

arhimede commented 4 years ago

https://securityheaders.com/

Check if there are realy needed the add extra headers:

Strict-Transport-Security Content-Security-Policy X-Frame-Options X-Content-Type-Options Referrer-Policy Permissions-Policy

alexmerlin commented 3 years ago

Considering that the general use case for DotKernel API is to communicate (only) with a frontend application, most of these headers are not relevant (except for Permissions-Policy, which is already implemented via dot-response-header). Still, if an application needs any of these headers, they can be easily added via dot-response-header's config file.