Skip to content

Latest commit

 

History

History
80 lines (51 loc) · 4.31 KB

UPGRADE.md

File metadata and controls

80 lines (51 loc) · 4.31 KB
Raw

7.x.x to 7.3.0

  • The following new headers are added, you can find it here and copy to your config file.
    • Cross-Origin-Embedder-Policy
    • Cross-Origin-Opener-Policy
    • Cross-Origin-Resource-Policy

6.2.0 to 7.0.0

  • feature-policy was replaced with permissions-policy, make sure you add permissions-policy config to the config file, you can find it here.

6.1.x to 6.2.0

  • Add use-permissions-policy-header config key for feature-policy, you can find it here.

6.0.x to 6.1.0

  • X-Power-By header renamed to X-Powered-By.

5.x.x to 6.0.0

  • Lumen user need to add SecureHeadersMiddleware manually.
  • HSTS preload is disabled by default now, if your HSTS config does not contain preload key and you want to preserve previous behavior, add preload to HSTS section and set to true.
  • Update csp config structure from config file.

5.4.0 to 5.5.0

  • The following new headers are added, you can find it here and copy to your config file.
    • X-Power-By

5.3.x to 5.4.0

  • HSTS preload field can be disabled now, you can find it here and copy to your config file.
  • display-capture and document-domain are added to Feature-Policy, you can find it here and here.

5.2.x to 5.3.0

  • The following new headers are added, you can find it here and copy to your config file.
    • Feature-Policy

5.1.0 to 5.2.0

  • The following new headers are added, you can find it here and here and copy to your config file.
    • Clear-Site-Data
    • Server

5.0.0 to 5.1.0

  • The following new headers are added, you can find it here and copy to your config file.
    • Expect-CT

4.x.x to 5.0.0

  • HPKP hashes field only supports sha256 algorithm, change other algorithms to sha256.
  • CSP https-transform-on-https-connections was removed, dont forget to use the explicit protocol.
  • CSP child-src directive was removed, use frame-src or worker-src directive instead.
  • CSP img-src directive data field was removed, use schemes field instead.
  • CSP directive hashes field has new format, you can find it here.

3.x.x to 4.0.0

  • If you are a Lumen user, change $app->register(Bepsvpt\SecureHeaders\LumenServiceProvider::class); to $app->register(Bepsvpt\SecureHeaders\SecureHeadersServiceProvider::class); in bootstrap/app.php
  • Because of dependency changing, please check your Content-Security-Policy(CSP) header is correct after upgrade.

2.2.0 to 3.0.0

  • Rename config/security-header.php to config/secure-headers.php
  • Change provider from Bepsvpt\LaravelSecurityHeader\SecurityHeaderServiceProvider::class, to Bepsvpt\SecureHeaders\SecureHeadersServiceProvider::class, in config/app.php
  • Change middleware from \Bepsvpt\LaravelSecurityHeader\SecurityHeaderMiddleware::class, to \Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class, in app/Http/Kernel.php

2.1.x to 2.2.0

  • The following new headers are added, you can find it here and copy to your config file.
    • X-Download-Options
    • X-Permitted-Cross-Domain-Policies
    • Referrer-Policy

2.0.0 to 2.1.0

  • You need to republish the config file and set up according to your need.