NAME

    Mojolicious::Plugin::SecurityHeader - Mojolicious Plugin

VERSION

    version 0.07

SYNOPSIS

      # Mojolicious
      $self->plugin('SecurityHeader');
    
      # define which security headers should be used
      $self->plugin('SecurityHeader' => [
          'Strict-Transport-Security' => -1,
          'X-Xss-Protection',
          'X-Content-Type-Options' => 'nosniff',
      ]);
    
      # Mojolicious::Lite
      plugin 'SecurityHeader';

DESCRIPTION

    Mojolicious::Plugin::SecurityHeader is a Mojolicious plugin.

SECURITY HEADER

      * Strict-Transport-Security

      * Public-Key-Pins

      * Referrer-Policy

      * X-Content-Type-Options

      * X-Frame-Options

      * X-Xss-Protection

      * Access-Control-Allow-Origin

      * Access-Control-Expose-Headers

      * Access-Control-Max-Age

      * Access-Control-Allow-Credentials

      * Access-Control-Allow-Methods

      * Access-Control-Allow-Headers

METHODS

    Mojolicious::Plugin::SecurityHeader inherits all methods from
    Mojolicious::Plugin and implements the following new ones.

 register

      $plugin->register(Mojolicious->new);

    Register plugin in Mojolicious application.

CORS SUPPORT

    Since version 0.06 this plugin also supports CORS
    <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>. There's
    already Mojolicious::Plugin::CORS, but unlike that module, with the
    SecurityHeader plugin all CORS related headers are configurable.

SEE ALSO

    Mojolicious, Mojolicious::Guides, http://mojolicious.org.
    Mojolicious::Plugin::CORS

AUTHOR

    Renee Baecker <reneeb@cpan.org>

COPYRIGHT AND LICENSE

    This software is Copyright (c) 2018 by Renee Baecker.

    This is free software, licensed under:

      The Artistic License 2.0 (GPL Compatible)