View GitHub Repository ProcessMonitor

Schedule Inspection
Subscribe

HSTSHeaders::handle()   A
last analyzed

↳ Parent: HSTSHeaders

Complexity

Conditions 3
Paths 3

Size

Total Lines 22
Code Lines 10

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 1
Metric Value
c 1
b 0
f 1
dl 0
loc 22
rs 9.2
cc 3
eloc 10
nc 3
nop 2
1 
<?php
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
namespace App\Http\Middleware;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
use Closure;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
use Symfony\Component\HttpFoundation\RedirectResponse;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
class HSTSHeaders

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
     * Handle an incoming request.

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
     *

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
     * @param  \Illuminate\Http\Request $request

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
     * @param  \Closure                 $next

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
     * @return mixed

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
     */

            


            
                                                        
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
    public function handle($request, Closure $next)

            


            
                                                        
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
    {

            


            
                                                        
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
        $response = $next($request);

            


            
                                                        
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
        if ($response instanceof RedirectResponse) {

            


            
                                                        
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
            return $response;

            


            
                                                        
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
        $cacheDays = 182; //180 days minimum reccomended by SSL Labs

            


            
                                                        
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                
        $maxAge     = 60 * 60 * 24 * $cacheDays;

            


            
                                                        
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
        //Domains on which we want to serve the header

            


            
                                                        
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
        // be careful with this as it can't be undone

            


            
                                                        
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
        // the domain must always be available over https

            


            
                                                        
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                
        $protectedHosts = ['monitor.vestd.com'];

            


            
                                                        
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
        if (in_array($request->getHttpHost(), $protectedHosts)) {

            


            
                                                        
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
            return $response->header('Strict-Transport-Security', 'max-age=' . $maxAge . '; preload');

            


            
                                                        
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
        return $response;

            


            
                                                        
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                
}