I added the following middleware to the HTTP Kernel stack, in app/Http/Kernal.php, which adds the X-Frame-Options: SAMEORIGIN to the header.
<?php
namespace App\Http\Middleware;
use Closure;
class FrameGuard
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$request->headers->set('X-Frame-Options', 'SAMEORIGIN');
return $next($request);
}
}
It causes a none-related error to show and part of the view is also rendered. This part of the view is rendering a list from the database, which works when the FrameGuard middleware is removed from the stack.
FatalErrorException in
MySqlGrammar.php line 139:
Maximum function nesting level of '100' reached, aborting!
This is the middleware stack in app/Http/Kernel.php.
protected $middleware = [
CheckForMaintenanceMode::class,
Middleware\EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
Middleware\AccessControlAllowOrigin::class,
FrameGuard::class,
];
When FrameGuard::class is removed, everything works as expected, however when FrameGuard::class is added it causes the above error. Further more, when I keep FrameGuard::class in the stack and comment out $request->headers->set('X-Frame-Options', 'SAMEORIGIN'); inside of the FrameGuard middleware class, I get the same error.
Has anyone else ran into something similar or am I going about adding this header in an incorrect way?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire