UPGRADE.md
October 13, 2024 ยท View on GitHub
7.5.0 to 8.0.0
- Please refer to the changelog of version 8.0.0 to make corresponding adjustments based on your existing settings.
7.x.x to 7.3.0
- The following new headers are added, you can find it here and copy to your config file.
Cross-Origin-Embedder-PolicyCross-Origin-Opener-PolicyCross-Origin-Resource-Policy
6.2.0 to 7.0.0
feature-policywas replaced withpermissions-policy, make sure you addpermissions-policyconfig to the config file, you can find it here.
6.1.x to 6.2.0
- Add
use-permissions-policy-headerconfig key forfeature-policy, you can find it here.
6.0.x to 6.1.0
X-Power-Byheader renamed toX-Powered-By.
5.x.x to 6.0.0
- Lumen user need to add SecureHeadersMiddleware manually.
- HSTS preload is disabled by default now, if your HSTS config does not contain
preloadkey and you want to preserve previous behavior, addpreloadto HSTS section and set totrue. - Update
cspconfig structure from config file.
5.4.0 to 5.5.0
- The following new headers are added, you can find it here and copy to your config file.
X-Power-By
5.3.x to 5.4.0
- HSTS
preloadfield can be disabled now, you can find it here and copy to your config file. display-captureanddocument-domainare added to Feature-Policy, you can find it here and here.
5.2.x to 5.3.0
- The following new headers are added, you can find it here and copy to your config file.
Feature-Policy
5.1.0 to 5.2.0
- The following new headers are added, you can find it here and here and copy to your config file.
Clear-Site-DataServer
5.0.0 to 5.1.0
- The following new headers are added, you can find it here and copy to your config file.
Expect-CT
4.x.x to 5.0.0
- HPKP
hashesfield only supports sha256 algorithm, change other algorithms to sha256. - CSP
https-transform-on-https-connectionswas removed, dont forget to use the explicit protocol. - CSP
child-srcdirective was removed, useframe-srcorworker-srcdirective instead. - CSP
img-srcdirectivedatafield was removed, useschemesfield instead. - CSP directive
hashesfield has new format, you can find it here.
3.x.x to 4.0.0
- If you are a Lumen user, change
$app->register(Bepsvpt\SecureHeaders\LumenServiceProvider::class);to$app->register(Bepsvpt\SecureHeaders\SecureHeadersServiceProvider::class);inbootstrap/app.php - Because of dependency changing, please check your Content-Security-Policy(CSP) header is correct after upgrade.
2.2.0 to 3.0.0
- Rename
config/security-header.phptoconfig/secure-headers.php - Change provider from
Bepsvpt\LaravelSecurityHeader\SecurityHeaderServiceProvider::class,toBepsvpt\SecureHeaders\SecureHeadersServiceProvider::class,inconfig/app.php - Change middleware from
\Bepsvpt\LaravelSecurityHeader\SecurityHeaderMiddleware::class,to\Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,inapp/Http/Kernel.php
2.1.x to 2.2.0
- The following new headers are added, you can find it here and copy to your config file.
X-Download-OptionsX-Permitted-Cross-Domain-PoliciesReferrer-Policy
2.0.0 to 2.1.0
- You need to republish the config file and set up according to your need.