У меня есть проект Laravel 5, который использует пакет bepsvpt/secure-headers со следующим конфигурационным файлом:
config/secure-headers.php
<?php
return [
'x-content-type-options' => 'nosniff',
'x-download-options' => 'noopen',
'x-frame-options' => 'sameorigin',
'x-permitted-cross-domain-policies' => 'none',
'x-xss-protection' => '1; mode=block',
/*
* Referrer-Policy
*
* Reference: https://w3c.github.io/webappsec-referrer-policy
*
* Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
* 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
*/
'referrer-policy' => 'strict-origin-when-cross-origin',
'hsts' => [
'enable' => env('SECURITY_HEADER_HSTS_ENABLE', false),
'max-age' => 15552000,
'include-sub-domains' => false,
],
/*
* Content Security Policy
*
* Reference: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
*
* csp will be ignored if custom-csp is not null.
*
* Note: custom-csp does not support report-only.
*/
'custom-csp' => env('SECURITY_HEADER_CUSTOM_CSP', null),
'csp' => [
'report-only' => false,
'report-uri' => env('CONTENT_SECURITY_POLICY_REPORT_URI', false),,
'upgrade-insecure-requests' => false,
'base-uri' => [
//
],
'default-src' => [
//
],
'child-src' => [
//
],
'script-src' => [
'allow' => [
//
],
'hashes' => [
// ['sha256' => 'hash-value'],
],
'nonces' => [
//
],
'self' => false,
'unsafe-inline' => false,
'unsafe-eval' => false,
],
'style-src' => [
'allow' => [
//
],
'self' => false,
'unsafe-inline' => false,
],
'img-src' => [
'allow' => [
//
],
'types' => [
//
],
'self' => false,
'data' => false,
],
/*
* The following directives are all use 'allow' and 'self' flag.
*
* Note: default value of 'self' flag is false.
*/
'font-src' => [
//
],
'connect-src' => [
//
],
'form-action' => [
//
],
'frame-ancestors' => [
//
],
'media-src' => [
//
],
'object-src' => [
//
],
/*
* plugin-types only support 'allow'.
*/
'plugin-types' => [
//
],
],
];
Когда я пытаюсь запустить приложение (веб-запрос или php artisan
), я получаю следующую ошибку:
PHP Fatal error: Cannot use empty array elements in arrays in C:\Web\myapp\config\secure-headers.php on line 4
Конечно, строка 4 файла выглядит совершенно нормально!
В чем проблема?