Create CloudFront signed URLs in Laravel 6+

Related tags

Laravel laravel-cloudfront-url-signer
Overview

Create CloudFront signed URLs in Laravel 6+

Easy to use Laravel 6+ wrapper around the official AWS PHP SDK which allows to sign URLs to access Private Content through CloudFront CDN

Inspired by laravel-url-signer

Latest Version on Packagist Total Downloads

This package can create canned policies signed URLs for CloudFront which expires after a given time. This is done by wrapping the AWS SDK method adding a Laravel-style configuration and accessibility.

This is how you can create signed URL that's valid for 30 days:

// With Facade
CloudFrontUrlSigner::sign('https://myapp.com/resource', 30);

// With helper
sign('https://myapp.com/resource', 30);

The output is compliant with CloudFront specifications

Installation

The package can be installed via Composer:

composer require dreamonkey/laravel-cloudfront-url-signer

Configuration

The configuration file can optionally be published via:

php artisan vendor:publish --provider="Dreamonkey\CloudFrontUrlSigner\CloudFrontUrlSignerServiceProvider"

This is the content of the file:

return [
    /*
     * The default expiration time of a URL in days.
     */
    'default_expiration_time_in_days' => 1,

    /*
     * The private key used to sign all URLs.
     */
    'private_key_path' => storage_path(env('CLOUDFRONT_PRIVATE_KEY_PATH', 'trusted-signer.pem')),

    /*
     * Identifies the CloudFront key pair associated
     * to the trusted signer which validates signed URLs.
     */
    'key_pair_id' => env('CLOUDFRONT_KEY_PAIR_ID', ''),

    /*
     * CloudFront API version, by default it uses the latest available.
     */
    'version' => env('CLOUDFRONT_API_VERSION', 'latest'),

];

Usage

Signing URLs

URL's can be signed with the sign method:

CloudFrontUrlSigner::sign('https://myapp.com/resource');

By default the lifetime of an URL is one day. This value can be change in the config-file. If you want a custom life time, you can specify the number of days the URL should be valid:

// The generated URL will be valid for 5 days.
CloudFrontUrlSigner::sign('https://myapp.com/resource', 5);

For fine grained control, you may also pass a DateTime instance as the second parameter. The url will be valid up to that moment. This example uses Carbon for convenience:

// This URL will be valid up until 2 hours from the moment it was generated.
CloudFrontUrlSigner::sign('https://myapp.com/resource', Carbon\Carbon::now()->addHours(2) );

Changelog

Please see CHANGELOG for more information what has changed recently.

Testing

$ vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Comments
  • V4 Issue

    V4 Issue

    Signing the URL seems to be working but when I visit the generated URL I get this message:

    Query-string authentication requires the Signature, Expires and AWSAccessKeyId parameters

    If I change the querystring variable Key-Pair-Id to AWSAccessKeyId, I get a different error

    The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

    Online it says something about this error is related to using v4

    Any help you could give would be much appreciated

    opened by michaellwatson 9
  • Link to expire after few seconds instead of hour(s)

    Link to expire after few seconds instead of hour(s)

    Hi,

    Trying to get the sign url to expire after few seconds or minutes seems to not be working properly - on my side at least.

    When I try:

    CloudFrontUrlSigner::sign('https://myapp.com/resource', now()->addSeconds(10) );

    The url generated is still working even after few minutes. Could it be because of cache in Cloudfront or that we cannot set less than 1 hour?

    Also I read that you are not using this package anymore, but it is still maintained ? I saw an update for Laravel 8 so I hope so.

    Thanks

    opened by MickaelTH 4
  • Question about league/uri dependency

    Question about league/uri dependency

    https://github.com/dreamonkey/laravel-cloudfront-url-signer/blob/1f0079d402145c27ad9f7b71777d72ecaa4a0e64/src/CloudFrontUrlSigner.php#L37

    I was wondering why you are converting the url to be signed into an HTTP resource before passing it into getSignedUrl(). Once it is passed to getSignedUrl() it is basically immediately converted back into a string. I am thinking maybe it is so you can easily get an exception if the URL is invalid? But it looks getSignedUrl() already handles this to some extent.

    Would you accept a PR to remove this dependency? I am asking because thephpleague/uri has an underlying dependency on the php-intl extension which is causing some issues for us in our development environment.

    Thanks

    opened by alexciarlillo 3
  • Private Key as Environment Variable

    Private Key as Environment Variable

    Hi, thanks for writing this lib!

    Wondering if there's a way to store the private key as an environment variable instead?

    Similar to how passport does this with "PASSPORT_PRIVATE_KEY".

    Cheers!

    opened by joshdillner 2
  • Any Plans to support Custom Policy like IP based restrictions?

    Any Plans to support Custom Policy like IP based restrictions?

    Thanks for creating this library !

    Any Plans to support Custom Policy like IP based restrictions?

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html

    opened by ithiru 2
  • Bump guzzlehttp/guzzle from 7.4.1 to 7.4.4

    Bump guzzlehttp/guzzle from 7.4.1 to 7.4.4

    Bumps guzzlehttp/guzzle from 7.4.1 to 7.4.4.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.4

    See change log for changes.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.4 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump guzzlehttp/guzzle from 7.4.1 to 7.4.3

    Bump guzzlehttp/guzzle from 7.4.1 to 7.4.3

    Bumps guzzlehttp/guzzle from 7.4.1 to 7.4.3.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • custon path

    custon path

    The issue is how I change the location of the pem file and place it in the variable CLOUDFRONT_PRIVATE_KEY_PATH. by default this /app/api/storage/file.pem the idea is to have the pem file in another location .

    opened by matiasmanuelparra 1
  • Bump league/flysystem from 1.1.3 to 1.1.4

    Bump league/flysystem from 1.1.3 to 1.1.4

    Bumps league/flysystem from 1.1.3 to 1.1.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump laravel/framework from 8.32.1 to 8.40.0

    Bump laravel/framework from 8.32.1 to 8.40.0

    Bumps laravel/framework from 8.32.1 to 8.40.0.

    Release notes

    Sourced from laravel/framework's releases.

    v8.39.0

    Added

    • Added Illuminate\Collections\Collection::sole() method (#37034)
    • Support url for php artisan db command (#37064)
    • Added Illuminate\Foundation\Bus\DispatchesJobs::dispatchSync() (#37063)
    • Added Illuminate\Cookie\CookieJar::expire() (#37072, fa3a14f)
    • Added Illuminate\Database\DatabaseManager::setApplication() (#37068)
    • Added Illuminate\Support\Stringable::whenNotEmpty() (#37080)
    • Added Illuminate\Auth\SessionGuard::attemptWhen() (#37090, e3fcd97)
    • Added password validation rule (#36960)

    Fixed

    • Fixed JsonResponse::fromJasonString() double encoding string (#37076)
    • Fallback to primary key if owner key doesnt exist on model at all in MorphTo relation (a011109)
    • Fixes for PHP 8.1 (#37087, #37101)
    • Do not execute beforeSending callbacks twice in HTTP client (#37116)
    • Fixed nullable values for required_if (#37128, 86fd558)

    Changed

    • Schedule list timezone command (#37117)

    v8.38.0

    Added

    • Added a wordCount() string helper (#36990)
    • Allow anonymous and class based migration coexisting (#37006)
    • Added Illuminate\Broadcasting\Broadcasters\PusherBroadcaster::setPusher() (#37033)

    Fixed

    • Fixed required_if boolean validation (#36969)
    • Correctly merge object payload data in Illuminate\Queue\Queue::createObjectPayload() (#36998)
    • Allow the use of temporary views for Blade testing on Windows machines (#37044)
    • Fixed Http::withBody() not being sent (#37057)

    v8.37.0

    Added

    • Allow to retry jobs by queue name (#36898, f2d9b59, c351a30)
    • Added strings to the DetectsLostConnections.php (4210258)
    • Allow testing of Blade components that return closures (#36919)
    • Added anonymous migrations (#36906)
    • Added Session\Store::missing() method (#36937)
    • Handle concurrent asynchronous requests in the HTTP client (#36948, 245a712)
    • Added tinyText data type to Blueprint and to available database grammars (#36949)
    • Added a method to remove a resolved view engine (#36955)
    • Added Illuminate\Database\Eloquent\Model::getAttributesForInsert() protected method (9a9f59f, 314bf87)

    Fixed

    • Fixed clone() on EloquentBuilder (#36924)

    Changed

    ... (truncated)

    Changelog

    Sourced from laravel/framework's changelog.

    Release Notes for 8.x

    Unreleased

    v8.39.0 (2021-04-27)

    Added

    • Added Illuminate\Collections\Collection::sole() method (#37034)
    • Support url for php artisan db command (#37064)
    • Added Illuminate\Foundation\Bus\DispatchesJobs::dispatchSync() (#37063)
    • Added Illuminate\Cookie\CookieJar::expire() (#37072, fa3a14f)
    • Added Illuminate\Database\DatabaseManager::setApplication() (#37068)
    • Added Illuminate\Support\Stringable::whenNotEmpty() (#37080)
    • Added Illuminate\Auth\SessionGuard::attemptWhen() (#37090, e3fcd97)
    • Added password validation rule (#36960)

    Fixed

    • Fixed JsonResponse::fromJasonString() double encoding string (#37076)
    • Fallback to primary key if owner key doesnt exist on model at all in MorphTo relation (a011109)
    • Fixes for PHP 8.1 (#37087, #37101)
    • Do not execute beforeSending callbacks twice in HTTP client (#37116)
    • Fixed nullable values for required_if (#37128, 86fd558)

    Changed

    • Schedule list timezone command (#37117)

    v8.38.0 (2021-04-20)

    Added

    • Added a wordCount() string helper (#36990)
    • Allow anonymous and class based migration coexisting (#37006)
    • Added Illuminate\Broadcasting\Broadcasters\PusherBroadcaster::setPusher() (#37033)

    Fixed

    • Fixed required_if boolean validation (#36969)
    • Correctly merge object payload data in Illuminate\Queue\Queue::createObjectPayload() (#36998)
    • Allow the use of temporary views for Blade testing on Windows machines (#37044)
    • Fixed Http::withBody() not being sent (#37057)

    v8.37.0 (2021-04-13)

    Added

    • Allow to retry jobs by queue name (#36898, f2d9b59, c351a30)
    • Added strings to the DetectsLostConnections.php (4210258)
    • Allow testing of Blade components that return closures (#36919)
    • Added anonymous migrations (#36906)
    • Added Session\Store::missing() method (#36937)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump laravel/framework from 8.12.3 to 8.26.1

    Bump laravel/framework from 8.12.3 to 8.26.1

    Bumps laravel/framework from 8.12.3 to 8.26.1.

    Release notes

    Sourced from laravel/framework's releases.

    v8.25.0

    Added

    • Added Stringable::pipe & make Stringable tappable (#36017)
    • Accept a command in object form in Bus::assertChained (#36031)
    • Adds parallel testing (#36034)
    • Make Listeners, Mailables, and Notifications accept ShouldBeEncrypted (#36036)
    • Support JSON encoding Stringable (#36012)
    • Support for escaping bound attributes (#36042)
    • Added Illuminate\Foundation\Application::useLangPath() (#36044)

    Changed

    • Pipe through new render and report exception methods (#36032)

    Fixed

    • Fixed issue with dumping schema from a postgres database using no default schema (#35966, 7be50a5)
    • Fixed worker --delay option (#35991)
    • Added support of PHP 7.3 to RateLimiter middleware(queue) serialization (#35986)
    • Fixed Illuminate\Foundation\Http\Middleware\TransformsRequest::cleanArray() (#36002)
    • ModelNotFoundException: ensure that the model class name is properly set (#36011)
    • Fixed bus fake (e720279)

    v8.24.0

    Added

    Fixed

    • Fixed type error in Illuminate\Http\Concerns\InteractsWithContentTypes::isJson() (#35956)
    • Fixed Illuminate\Collections\Collection::sortByMany() (#35950)
    • Fixed Limit expected bindings (#35972, 006873d)
    • Fixed serialization of rate limited with redis middleware (#35971)

    v8.23.1

    v8.23.1 (2021-01-19)

    Fixed

    • Fixed empty html mail (#35941)

    v8.23.0

    v8.23.0 (2021-01-19)

    Added

    • Added Illuminate\Database\Concerns\BuildsQueries::sole() (#35869, 29c7dae, #35908, #35902, #35912)
    • Added default parameter to throw_if / throw_unless (#35890)
    • Added validation support for TeamSpeak3 URI scheme (#35933)

    Fixed

    ... (truncated)

    Changelog

    Sourced from laravel/framework's changelog.

    Release Notes for 8.x

    Unreleased

    v8.25.0 (2021-01-26)

    Added

    • Added Stringable::pipe & make Stringable tappable (#36017)
    • Accept a command in object form in Bus::assertChained (#36031)
    • Adds parallel testing (#36034)
    • Make Listeners, Mailables, and Notifications accept ShouldBeEncrypted (#36036)
    • Support JSON encoding Stringable (#36012)
    • Support for escaping bound attributes (#36042)
    • Added Illuminate\Foundation\Application::useLangPath() (#36044)

    Changed

    • Pipe through new render and report exception methods (#36032)

    Fixed

    • Fixed issue with dumping schema from a postgres database using no default schema (#35966, 7be50a5)
    • Fixed worker --delay option (#35991)
    • Added support of PHP 7.3 to RateLimiter middleware(queue) serialization (#35986)
    • Fixed Illuminate\Foundation\Http\Middleware\TransformsRequest::cleanArray() (#36002)
    • ModelNotFoundException: ensure that the model class name is properly set (#36011)
    • Fixed bus fake (e720279)

    v8.24.0 (2021-01-21)

    Added

    Fixed

    • Fixed type error in Illuminate\Http\Concerns\InteractsWithContentTypes::isJson() (#35956)
    • Fixed Illuminate\Collections\Collection::sortByMany() (#35950)
    • Fixed Limit expected bindings (#35972, 006873d)
    • Fixed serialization of rate limited with redis middleware (#35971)

    v8.23.1 (2021-01-19)

    Fixed

    • Fixed empty html mail (#35941)

    v8.23.0 (2021-01-19)

    Added

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump guzzlehttp/guzzle from 7.4.1 to 7.4.5

    Bump guzzlehttp/guzzle from 7.4.1 to 7.4.5

    Bumps guzzlehttp/guzzle from 7.4.1 to 7.4.5.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.5

    See change log for changes.

    Release 7.4.4

    See change log for changes.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.5 - 2022-06-20

    • Fix change in port should be considered a change in origin
    • Fix CURLOPT_HTTPAUTH option not cleared on change of origin

    7.4.4 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump guzzlehttp/psr7 from 2.1.0 to 2.2.1

    Bump guzzlehttp/psr7 from 2.1.0 to 2.2.1

    Bumps guzzlehttp/psr7 from 2.1.0 to 2.2.1.

    Release notes

    Sourced from guzzlehttp/psr7's releases.

    2.2.1

    See change log for changes.

    2.2.0

    See change log for changes.

    2.1.2

    See change log for changes.

    2.1.1

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/psr7's changelog.

    2.2.1 - 2022-03-20

    Fixed

    • Correct header value validation

    2.2.0 - 2022-03-20

    Added

    • A more compressive list of mime types
    • Add JsonSerializable to Uri
    • Missing return types

    Fixed

    • Bug MultipartStream no uri metadata
    • Bug MultipartStream with filename for data:// streams
    • Fixed new line handling in MultipartStream
    • Reduced RAM usage when copying streams
    • Updated parsing in Header::normalize()

    2.1.1 - 2022-03-20

    Fixed

    • Validate header values properly
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(v3.3.0)
Owner
Dreamonkey S.r.l.
We deal with websites, web design, graphics, Android app and counsellings. We try to release as open source useful code we develop for our projects.
Dreamonkey S.r.l.
GitHub
Easily generate URLs to Minecraft avatars with the ability to switch between services

Minecraft Avatar URLs This library provides PHP utilities to generate URLs to Minecraft Avatars in different formats with the ability to easily change

Gigadrive UG 3 Aug 11, 2022
A Laravel chat package. You can use this package to create a chat/messaging Laravel application.

Chat Create a Chat application for your multiple Models Table of Contents Click to expand Introduction Installation Usage Adding the ability to partic

Tinashe Musonza 931 Dec 24, 2022
An open source Laravel Soundboard with Admin Panel CRUD (Create Read Update Delete) built on Laravel, Bootstrap, and Vue.js

Laravel Soundboard An open source Laravel Soundboard with Admin Panel CRUD (Create Read Update Delete) built on Laravel 5.8, Bootstrap 4, Vue.js, Boot

Jeremy Kenedy 24 Oct 28, 2022
Foreman is a Laravel scaffolding application that automates common tasks you typically perform with each new Laravel app you create

Foreman is a Laravel scaffolding application that automates common tasks you typically perform with each new Laravel app you create. The directives you want Forman to perform are outlined in a JSON based template file.

Indatus 145 Apr 13, 2022
Easily create a revision history for any laravel model

Wouldn't it be nice to have a revision history for any model in your project, without having to do any work for it. By simply adding the RevisionableT

Venture Craft 2.4k Jan 6, 2023
Laravel component to create gorgeous Charts.css charts.

Laravel component to create gorgeous Charts.css charts. This package will help you generate CSS only charts based on the Charts.css library. Installat

Maarten Paauw 105 Sep 26, 2022
Migrator is a GUI migration manager for Laravel which you can create, manage and delete your migration.

Migrator Migrator is a GUI migration manager for Laravel which you can create, manage and delete your migration. Installation: To install Migrator you

Reza Amini 457 Jan 8, 2023
A laravel package to handle sanitize process of model data to create/update model records.

Laravel Model UUID A simple package to sanitize model data to create/update table records. Installation Require the package using composer: composer r

null 66 Sep 19, 2022
Create Laravel views (blade template) using 'php artisan' command-line interface

About LaraBit Have you ever wonder to create Laravel views (Blade Templates) using the same type of artisan commands that you usually use to create ne

Ragib MRB 5 Oct 15, 2021
This package enables you to create and run a fully functioning WebSocket server in your Laravel app.

This package enables you to create and run a fully functioning WebSocket server in your Laravel app. It can optionally receive messages broadcast over ZeroMQ.

Asked.io 181 Oct 6, 2022
A make:pivot command to create a pivot table with Laravel

make:pivot for Laravel Installation Requires PHP 8.0.0+ You can install the package via composer: composer require felixdorn/laravel-make-pivot-table

Félix Dorn 13 Aug 23, 2022
Simple Arabic Laravel Dashboard , has basic settings and a nice layout . to make it easy for you to create fast dashboard

Simple Arabic Laravel Dashboard ✅ Auto Seo ✅ Optimized Notifications With Images ✅ Smart Alerts ✅ Auto Js Validations ✅ Front End Alert ✅ Nice Image V

Peter Tharwat 254 Dec 19, 2022
🏭This package lets you create factory classes for your Laravel project.

Laravel Factories Reloaded ?? This package generates class-based model factories, which you can use instead of the ones provided by Laravel. Laravel 8

Christoph Rumpel 372 Dec 27, 2022
Navigator is a package to create headless navigation menus for use in Laravel applications

Navigator Navigator is a package to create headless navigation menus for use in Laravel applications: // In a Service Provider Nav::define(fn ($user)

Sam Rowden 36 Oct 30, 2022
A platform to create documentation/wiki content built with PHP & Laravel

BookStack A platform for storing and organising information and documentation. Details for BookStack can be found on the official website at https://w

BookStackApp 10.7k Jan 5, 2023
Charts - a Laravel library used to create Charts using Chartisan

Charts is a Laravel library used to create Charts using Chartisan. Chartisan does already have a PHP adapter. However, this library attempts to provide more laravel-like features into it by providing support for chart creation using the artisan command, middleware support and routing support.

Mohammad 2 Mar 14, 2022
Create and manage A Domain Driven Design (DDD) in your Laravel app, simply and efficiently.

Create and manage A Domain Driven Design (DDD) in your Laravel app, simply and efficiently.

Lucas Nepomuceno 4 Jun 11, 2022
Effortlessly create a PHP preload script for your Laravel project.

This package has been superseeded by Laragear/Preload. Please migrate to the new package. Laraload Effortlessly create a PHP Preload Script for your L

Italo 209 Dec 7, 2022
Laravel package to create autonumber for Eloquent model

Laravel AutoNumber Laravel package to create autonumber for Eloquent model Installation You can install the package via composer: composer require gid

null 2 Jul 10, 2022