Support non laravel project

.travis.yml

@@ -23,4 +23,4 @@ after_script:
   - vendor/bin/test-reporter
 
 # Commands you want to run that will verify your build.
-script: phpunit
+script: phpunit --stderr

CHANGELOG.md

@@ -1,7 +1,14 @@
-# Changelog for Laravel Security Header
+# Changelog for Secure Headers
 
 ## dev
 
+## 3.x
+
+- 3.0.0 (2016-12-19)
+  - Support non laravel project
+  - Change namespace
+  - Change project name
+
 ## 2.x
 
 - 2.2.0 (2016-10-03)

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 BePsvPT
+Copyright (c) BePsvPT
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,4 +1,4 @@
-# Laravel Security Header
+# Secure Headers
 
 [![Build Status](https://travis-ci.org/BePsvPT/laravel-security-header.svg?branch=master)](https://travis-ci.org/BePsvPT/laravel-security-header)
 [![Test Coverage](https://codeclimate.com/github/BePsvPT/laravel-security-header/badges/coverage.svg)](https://codeclimate.com/github/BePsvPT/laravel-security-header/coverage)
@@ -8,35 +8,35 @@
 [![Total Downloads](https://poser.pugx.org/bepsvpt/laravel-security-header/downloads?format=flat-square)](https://packagist.org/packages/bepsvpt/laravel-security-header)
 [![License](https://poser.pugx.org/bepsvpt/laravel-security-header/license?format=flat-square)](https://packagist.org/packages/bepsvpt/laravel-security-header)
 
-Add secure headers to response for laravel framework.
+Add secure headers to HTTP response.
 
 ## Install
 
 Install using composer
 
 ```sh
-composer require bepsvpt/laravel-security-header
+composer require bepsvpt/secure-headers
 ```
 
 Add the service provider in `config/app.php`
 
 ```php
-Bepsvpt\LaravelSecurityHeader\SecurityHeaderServiceProvider::class,
+Bepsvpt\SecureHeaders\SecureHeadersServiceProvider::class,
 ```
 
 Publish config file
 
 ```sh
-php artisan vendor:publish --provider="Bepsvpt\LaravelSecurityHeader\SecurityHeaderServiceProvider"
+php artisan vendor:publish --provider="Bepsvpt\SecureHeaders\SecureHeadersServiceProvider"
 ```
 
 Add global middleware in `app/Http/Kernel.php`
 
 ```php
-\Bepsvpt\LaravelSecurityHeader\SecurityHeaderMiddleware::class,
+\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
 ```
 
-Set up the config file `config/security-header.php`
+Set up the config file `config/secure-headers.php`
 
 Done!
 
@@ -50,4 +50,4 @@ Please see [UPGRADE](UPGRADE.md) for details.
 
 ## License
 
-Laravel Security Header is licensed under [The MIT License (MIT)](LICENSE).
+Secure Headers is licensed under [The MIT License (MIT)](LICENSE).

UPGRADE.md

@@ -1,5 +1,11 @@
 # UPGRADE
 
+### 2.2.0 to 3.0.0
+
+- Rename `config/security-header.php` to `config/secure-headers.php`
+- Change provider from `Bepsvpt\LaravelSecurityHeader\SecurityHeaderServiceProvider::class,` to `Bepsvpt\SecureHeaders\SecureHeadersServiceProvider::class,` in `config/app.php`
+- Change middleware from `\Bepsvpt\LaravelSecurityHeader\SecurityHeaderMiddleware::class,` to `\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,` in `app/Http/Kernel.php`
+
 ### 2.1.x to 2.2.0
 
 - The following new headers are added, you can find it [here](https://github.com/BePsvPT/laravel-security-header/blob/655c007418ac03bb56e152f5f5bfe6f7117a964b/config/security-header.php) and copy to your config file.

composer.json

@@ -1,7 +1,8 @@
 {
-  "name": "bepsvpt/laravel-security-header",
-  "description": "Append secure headers to response for laravel framework.",
+  "name": "bepsvpt/secure-headers",
+  "description": "Add secure headers to HTTP response.",
   "keywords": ["laravel", "header", "hsts", "hpkp", "csp", "https"],
+  "homepage": "https://github.com/BePsvPT/secure-headers",
   "license": "MIT",
   "authors": [
     {
@@ -10,19 +11,24 @@
     }
   ],
   "require": {
-    "php": ">=7.0",
-    "illuminate/http": "5.1.*|5.2.*|5.3.*",
-    "illuminate/support": "5.1.*|5.2.*|5.3.*",
+    "php": "^7.0",
+    "illuminate/http": "^5.1",
+    "illuminate/support": "^5.1",
     "paragonie/csp-builder": "^2.0",
     "paragonie/hpkp-builder": "^0.1"
   },
   "require-dev": {
     "codeclimate/php-test-reporter": "^0.3",
-    "phpunit/phpunit": "^5.5"
+    "orchestra/testbench": "^3.3",
+    "phpunit/phpunit": "^5.7"
   },
   "autoload": {
     "psr-4": {
-      "Bepsvpt\\LaravelSecurityHeader\\": "src/"
+      "Bepsvpt\\SecureHeaders\\": "src/"
     }
+  },
+  "config": {
+    "optimize-autoloader": true,
+    "sort-packages": true
   }
 }

config/security-header.php → config/secure-headers.php

@@ -71,7 +71,7 @@
      */
 
     'hsts' => [
-        'enable' => env('SECURITY_HEADER_HSTS_ENABLE', false),
+        'enable' => false,
 
         'max-age' => 15552000,
 
@@ -113,7 +113,7 @@
      * Note: custom-csp does not support report-only.
      */
 
-    'custom-csp' => env('SECURITY_HEADER_CUSTOM_CSP', null),
+    'custom-csp' => null,
 
     'csp' => [
         'report-only' => false,

phpunit.xml.dist

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit backupGlobals="false"
          backupStaticAttributes="false"
-         bootstrap="tests/autoload.php"
+         bootstrap="vendor/autoload.php"
          colors="true"
          convertErrorsToExceptions="true"
          convertNoticesToExceptions="true"
@@ -12,7 +12,7 @@
          syntaxCheck="true"
 >
     <testsuites>
-        <testsuite name="Laravel Security Header Test">
+        <testsuite name="Secure Headers Test">
             <directory>./tests</directory>
         </testsuite>
     </testsuites>
@@ -22,9 +22,6 @@
     <filter>
         <whitelist processUncoveredFilesFromWhitelist="true">
             <directory suffix=".php">./src</directory>
-            <exclude>
-                <file>./src/SecurityHeaderServiceProvider.php</file>
-            </exclude>
         </whitelist>
     </filter>
 </phpunit>

src/SecurityHeaderMiddleware.php → src/SecureHeaders.php

@@ -1,72 +1,128 @@
 <?php
 
-namespace Bepsvpt\LaravelSecurityHeader;
+namespace Bepsvpt\SecureHeaders;
 
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Http\Response;
+use InvalidArgumentException;
 use ParagonIE\CSPBuilder\CSPBuilder;
 use ParagonIE\HPKPBuilder\HPKPBuilder;
+use RuntimeException;
 
-class SecurityHeaderMiddleware
+class SecureHeaders
 {
     /**
-     * Security Header Config.
-     *
      * @var array
      */
-    private $config;
+    protected $config = [];
+
+    /**
+     * @var bool
+     */
+    protected $compiled = false;
+
+    /**
+     * @var array
+     */
+    protected $headers = [];
 
     /**
-     * Handle an incoming request.
+     * Constructor.
      *
-     * @param  Request  $request
-     * @param  Closure  $next
+     * @param array $config
+     */
+    public function __construct(array $config = [])
+    {
+        $this->config = $config;
+    }
+
+    /**
+     * Load data from file.
      *
-     * @return Response
+     * @param string $file
+     *
+     * @return SecureHeaders
      */
-    public function handle(Request $request, Closure $next)
+    public static function fromFile($file)
     {
-        $response = $next($request);
+        if (! is_file($file)) {
+            throw new InvalidArgumentException("{$file} does not exist.");
+        }
 
-        $this->config = config('security-header');
+        $config = require $file;
 
-        $response->withHeaders(
-            array_merge(
-                $this->csp(),
-                $this->hpkp(),
-                $this->hsts(),
-                $this->miscellaneous()
-            )
-        );
+        return new self($config);
+    }
 
-        return $response;
+    /**
+     *  Send HTTP headers.
+     *
+     * @return void
+     */
+    public function send()
+    {
+        if (headers_sent($file, $line)) {
+            throw new RuntimeException("Headers already sent in {$file} on line {$line}."); // @codeCoverageIgnore
+        }
+
+        foreach ($this->headers() as $key => $value) {
+            header("{$key}: {$value}", true);
+        }
     }
 
     /**
-     * Get hsts header.
+     * Get HTTP headers.
      *
      * @return array
      */
-    protected function hsts()
+    public function headers()
     {
-        if (! $this->config['hsts']['enable']) {
-            return [];
+        if (! $this->compiled) {
+            $this->compile();
         }
 
-        $hsts = "max-age={$this->config['hsts']['max-age']}; preload;";
+        return $this->headers;
+    }
 
-        if ($this->config['hsts']['include-sub-domains']) {
-            $hsts .= ' includeSubDomains;';
+    /**
+     * Compile HTTP headers.
+     *
+     * @return void
+     */
+    protected function compile()
+    {
+        $this->headers = array_merge(
+            $this->csp(),
+            $this->hpkp(),
+            $this->hsts(),
+            $this->miscellaneous()
+        );
+
+        $this->compiled = true;
+    }
+
+    /**
+     * Get CSP header.
+     *
+     * @return array
+     */
+    protected function csp()
+    {
+        if (! is_null($this->config['custom-csp'])) {
+            if (empty($this->config['custom-csp'])) {
+                return [];
+            }
+
+            return [
+                'Content-Security-Policy' => $this->config['custom-csp'],
+            ];
         }
 
-        return [
-            'Strict-Transport-Security' => $hsts,
-        ];
+        $csp = new CSPBuilder($this->config['csp']);
+
+        return $csp->getHeaderArray(false);
     }
 
     /**
-     * Get hpkp header.
+     * Get HPKP header.
      *
      * @return array
      */
@@ -86,21 +142,25 @@ protected function hpkp()
     }
 
     /**
-     * Get csp header.
+     * Get HSTS header.
      *
      * @return array
      */
-    protected function csp()
+    protected function hsts()
     {
-        if (! is_null($this->config['custom-csp'])) {
-            return [
-                'Content-Security-Policy' => $this->config['custom-csp'],
-            ];
+        if (! $this->config['hsts']['enable']) {
+            return [];
         }
 
-        $csp = new CSPBuilder($this->config['csp']);
+        $hsts = "max-age={$this->config['hsts']['max-age']}; preload;";
 
-        return $csp->getHeaderArray(false);
+        if ($this->config['hsts']['include-sub-domains']) {
+            $hsts .= ' includeSubDomains;';
+        }
+
+        return [
+            'Strict-Transport-Security' => $hsts,
+        ];
     }
 
     /**