Build and apply Permissions-Policy (formerly Feature-Policy) headers in Laravel applications.
- PHP 8.3, 8.4, or 8.5
- Laravel 13
composer require codebar-ag/laravel-feature-policyPublish configuration (optional):
php artisan vendor:publish --tag=laravel-feature-policy-configThe published config file is config/feature-policy.php. You can also rely on environment variables:
| Env | Config key | Default | Purpose |
|---|---|---|---|
FPH_ENABLED |
enabled |
true |
Master switch; when false, middleware does not apply policy headers. |
| — | policy |
null |
Fully qualified class name of your policy (must extend CodebarAg\LaravelFeaturePolicy\Policies\Policy). |
FPH_PROPOSAL_ENABLED |
directives.proposal |
false |
Enable proposed directive group. |
FPH_EXPERIMENTAL_ENABLED |
directives.experimental |
false |
Enable experimental directive handling. |
FPH_REPORTING_ENABLED |
reporting.enabled |
false |
Add Reporting-Endpoints and related reporting metadata. |
FPH_REPORT_ONLY |
reporting.report_only |
false |
When reporting is on, also emit Permissions-Policy-Report-Only. |
FPH_REPORTING_URL |
reporting.url |
(see config) | Endpoint URL for violation reports. |
Implement a policy class with a configure() method that calls addDirective() (see package tests and Policies\Policy).
Register the middleware on your web stack (or another group), for example in bootstrap/app.php:
use CodebarAg\LaravelFeaturePolicy\AddFeaturePolicyHeaders;
$middleware->web(append: [
AddFeaturePolicyHeaders::class,
]);You may pass a specific policy class as a middleware parameter:
Route::get('/admin', AdminController::class)
->middleware(AddFeaturePolicyHeaders::class.':'.AdminPermissionsPolicy::class);Run Laravel Pint in test mode:
composer lintRun static analysis (PHPStan + Larastan):
composer analyseRun the test suite:
composer testRun tests with code coverage and a 100% minimum (requires the PCOV or Xdebug PHP extension):
composer test-coverageRun lint, analysis, and tests together:
composer qualityThis package was initially inspired by mazedlx/laravel-feature-policy (MIT). The implementation has since been significantly adapted for Laravel 13 and is maintained independently by codebar-ag.
MIT