Security - v2.0.2

Installation

Install via Composer

composer require artisanpack-ui/security

The package auto-registers via Laravel's package discovery.

Publish the config

php artisan vendor:publish --tag=security-config

Publishes config/artisanpack/security.php. Override headers, rate limiting, XSS protection, API security, CSP, testing, logging, and command defaults here.

Run migrations

php artisan migrate

Adds the csp_violation_reports table used by the CSP violation reporting endpoint.

Apply middleware

The package's middleware are aliased by the service provider but not applied globally — you opt in per route or in your app/Http/Kernel.php middleware groups:

// app/Http/Kernel.php (Laravel 10)
protected $middlewareGroups = [
    'web' => [
        // ...
        \ArtisanPackUI\Security\Http\Middleware\SecurityHeadersMiddleware::class,
        \ArtisanPackUI\Security\Http\Middleware\ContentSecurityPolicy::class,
    ],
];

Or in bootstrap/app.php (Laravel 11+):

->withMiddleware(function (Middleware $middleware) {
    $middleware->web(append: [
        \ArtisanPackUI\Security\Http\Middleware\SecurityHeadersMiddleware::class,
        \ArtisanPackUI\Security\Http\Middleware\ContentSecurityPolicy::class,
    ]);
})

The shipped middleware aliases (csp, security.headers, xss.protection, api.security, api.rate_limit) work in route definitions:

Route::middleware(['csp', 'security.headers'])->group(function () {
    // ...
});

Deeper topics

Configuration — full config reference
Configuration management — patterns for layered / per-environment overrides
Environment variables — every env var the package reads