Security headers shipped in the boilerplate

[f-ricci]

Hi,

I have recently run into some troubles because our website was missing the header x-frame-options

As the framework already builds in some security measures like CSRF, SQL injections, among others, I thought it would be nice if it also shipped with some defaults for Content Security Policy.

I would like to be able to provide more to this topic but unfortunately I don't have enough expertise in this topic.

[crynobone]

It's already available via

framework/src/Illuminate/Http/Middleware/FrameGuard.php

Line 7 in b6f4732

class FrameGuard