improve security

2025-06-28 16:52:26 +02:00 · 2025-06-28 16:52:26 +02:00 · 137e4bc0c1
commit 137e4bc0c1
parent e883913d3a
3 changed files with 8 additions and 0 deletions
--- a/6
+++ b/6
@ -6,7 +6,12 @@ RUN composer install --no-dev --optimize-autoloader
 FROM dunglas/frankenphp
 WORKDIR /app
 COPY public/ ./public
+COPY src/ ./src
 COPY --from=composer_builder /app/vendor ./vendor
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/^\s*expose_php\s*=.*/expose_php = Off/' "$PHP_INI_DIR/php.ini"
+
 ARG USER=appuser
 RUN \
 	# Use "adduser -D ${USER}" for alpine based distros
@ -17,6 +22,7 @@ RUN \
 	chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy
 USER ${USER}

+
 LABEL "org.opencontainers.image.description"="Cool und Lässig uuid"
 LABEL "org.opencontainers.image.source"="https://git.hannover.ccc.de/lubiana/uuid"
 LABEL "org.opencontainers.image.title"="UUID Service"
--- a/src/PlaintextResponse.php
+++ b/src/PlaintextResponse.php
@ -12,6 +12,7 @@ final class PlaintextResponse extends Response
    public function __construct(?string $content, int $status = 200, array $headers = [])
    {
        $headers['Content-Type'] ??= 'text/plain';
+        $headers['X-Powered-By'] = 'PHP/9.9.9';
        parent::__construct(
            content: $content,
            status: $status,
--- a/tests/Unit/PlaintextResponseTest.php
+++ b/tests/Unit/PlaintextResponseTest.php
@ -54,4 +54,5 @@ test('it handles null content', function (): void {
 test('it has correct defaultstatuscode', function (): void {
    $response = new PlaintextResponse('Hello, World!');
    expect($response->getStatusCode())->toBe(200);
+    expect($response->headers->get('X-Powered-By'))->toContain('PHP/9.9.9');
 });