src/EventSubscriber/SecurityHeadersSubscriber.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use JetBrains\PhpStorm\ArrayShape;
  6. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  9. use Symfony\Component\HttpKernel\KernelEvents;
  11. class SecurityHeadersSubscriber implements EventSubscriberInterface
  12. {
  13.     public function onKernelResponse(ResponseEvent $event): void
  14.     {
  15.         $response $event->getResponse();
  16.         $response->headers->set('X-Content-Type-Options''nosniff');
  17. //        $response->headers->set('X-Frame-Options', 'SAMEORIGIN');
  18.         $response->headers->set('X-XSS-Protection''1; mode=block');
  20. //        $response->headers->set('Content-Security-Policy', "default-src 'self'; script-src 'self' 'nonce-fb36db628485fc3a388a259581f9057d';");
  22.         if ($response->getStatusCode() === Response::HTTP_OK) {
  23.             $response->headers->set('Strict-Transport-Security''max-age=31536000; includeSubDomains; preload');
  24.         }
  25.     }
  27.     #[ArrayShape([KernelEvents::RESPONSE => "string"])] public static function getSubscribedEvents(): array
  28.     {
  29.         return [
  30.             KernelEvents::RESPONSE => 'onKernelResponse',
  31.         ];
  32.     }
  33. }