/** * Add content security policy headers to response. * * @return void * * @throws \Exception */ protected function buildCsp() { if ($this->response instanceof BinaryFileResponse) { return; } $csp = CSPBuilder::fromFile(config_path('csp.json')); $csp->addDirective('upgrade-insecure-requests', $this->request->secure()); $this->response->withHeaders($csp->getHeaderArray(false)); }