-
Notifications
You must be signed in to change notification settings - Fork 20
apply
Aidan Woods edited this page Jul 20, 2017
·
2 revisions
HeaderBag apply ([ ?HttpAdapter $http = new GlobalHttpAdapter ] )Calling this function will initiate the following
- Existing headers from the HttpAdapter's source will be imported into SecureHeaders' internal list, parsed
- Automatic header functions will be applied
- Expect CT, CSP, HSTS, and HPKP policies will be compiled and added to SecureHeaders' internal header list.
- Headers queued for removal will be deleted from SecureHeaders' internal header list
- Safe Mode will examine the list of headers, and make any required changes according to its settings
- The HttpAdapter will be instructed to remove all headers from its header source, Headers will then be copied from SecureHeaders' internal header list, into the HttpAdapter's (now empty) list of headers
- If error reporting is enabled (both within
SecureHeaders and according to the PHP configuration values for
error reporting, and whether to display errors)
- Missing security headers will be reported as
E_USER_WARNING - Misconfigured headers will be reported as
E_USER_WARNINGorE_USER_NOTICEdepending on severity, the former being most severe an issue.
- Missing security headers will be reported as
Note: Calling this function is required before the first byte
of output in order for SecureHeaders to (be able to) do anything. If
you're not sure when the first byte of output might occur, or simply
don't want to have to call this every time – take a look at
->applyOnOutput to have SecureHeaders take care of this for you.
An implementation of the ->HttpAdapter interface, to which
settings configured via SecureHeaders will be applied.
Returns the headers