From 27a4295589405528879b9b9c81d5e42b25ca9b6c Mon Sep 17 00:00:00 2001 From: Jeroen De Meerleer Date: Thu, 6 Jul 2023 09:42:42 +0200 Subject: [PATCH] Add NelmioSecurityBundle v3.0.0 and Symfony Password Hasher v6.3.0 dependencies - Added "nelmio/security-bundle" version "^3.0" to composer.json - Added "symfony/password-hasher" version "v6.3.0" to composer.lock --- composer.json | 1 + composer.lock | 685 +++++++++++++++++- config/bundles.php | 1 + config/packages/nelmio_security.yaml | 49 ++ config/services.yaml | 3 - .../SecurityHeadersSubscriber.php | 37 - symfony.lock | 12 + 7 files changed, 747 insertions(+), 41 deletions(-) create mode 100644 config/packages/nelmio_security.yaml delete mode 100755 src/EventSubscriber/SecurityHeadersSubscriber.php diff --git a/composer.json b/composer.json index 20ab205..be13f98 100755 --- a/composer.json +++ b/composer.json @@ -8,6 +8,7 @@ "ext-ctype": "*", "ext-iconv": "*", "erusev/parsedown": "^1.7", + "nelmio/security-bundle": "^3.0", "symfony/console": "^v6.3", "symfony/dotenv": "^6.3", "symfony/flex": "^2.2", diff --git a/composer.lock b/composer.lock index 1826cd9..23d3b38 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,84 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fae7fa93b27328e354b772eb61af1d33", + "content-hash": "2275ec02d5027a024b6f2c94c3b74484", "packages": [ + { + "name": "composer/ca-bundle", + "version": "1.3.6", + "source": { + "type": "git", + "url": "https://github.com/composer/ca-bundle.git", + "reference": "90d087e988ff194065333d16bc5cf649872d9cdb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/90d087e988ff194065333d16bc5cf649872d9cdb", + "reference": "90d087e988ff194065333d16bc5cf649872d9cdb", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "ext-pcre": "*", + "php": "^5.3.2 || ^7.0 || ^8.0" + }, + "require-dev": { + "phpstan/phpstan": "^0.12.55", + "psr/log": "^1.0", + "symfony/phpunit-bridge": "^4.2 || ^5", + "symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0 || ^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Composer\\CaBundle\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "http://seld.be" + } + ], + "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.", + "keywords": [ + "cabundle", + "cacert", + "certificate", + "ssl", + "tls" + ], + "support": { + "irc": "irc://irc.freenode.org/composer", + "issues": "https://github.com/composer/ca-bundle/issues", + "source": "https://github.com/composer/ca-bundle/tree/1.3.6" + }, + "funding": [ + { + "url": "https://packagist.com", + "type": "custom" + }, + { + "url": "https://github.com/composer", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/composer/composer", + "type": "tidelift" + } + ], + "time": "2023-06-06T12:02:59+00:00" + }, { "name": "erusev/parsedown", "version": "1.7.4", @@ -56,6 +132,79 @@ }, "time": "2019-12-30T22:54:17+00:00" }, + { + "name": "nelmio/security-bundle", + "version": "v3.0.0", + "source": { + "type": "git", + "url": "https://github.com/nelmio/NelmioSecurityBundle.git", + "reference": "34699d40d81b58b6bd256e34489c799620dff2a4" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nelmio/NelmioSecurityBundle/zipball/34699d40d81b58b6bd256e34489c799620dff2a4", + "reference": "34699d40d81b58b6bd256e34489c799620dff2a4", + "shasum": "" + }, + "require": { + "php": "^7.4 || ^8.0", + "symfony/framework-bundle": "^4.4 || ^5.4 || ^6.0", + "symfony/http-kernel": "^4.4 || ^5.4 || ^6.0", + "symfony/security-core": "^4.4 || ^5.4 || ^6.0", + "symfony/security-csrf": "^4.4 || ^5.4 || ^6.0", + "symfony/security-http": "^4.4 || ^5.4 || ^6.0", + "symfony/yaml": "^4.4 || ^5.4 || ^6.0", + "ua-parser/uap-php": "^3.4.4" + }, + "require-dev": { + "phpstan/phpstan": "^1.4", + "phpstan/phpstan-deprecation-rules": "^1.0", + "phpstan/phpstan-phpunit": "^1.0", + "phpstan/phpstan-strict-rules": "^1.1", + "phpstan/phpstan-symfony": "^1.1", + "phpunit/phpunit": "^9.5", + "psr/cache": "^1.0 || ^2.0 || ^3.0", + "symfony/browser-kit": "^4.4 || ^5.4 || ^6.0", + "symfony/cache": "^4.4 || ^5.4 || ^6.0", + "symfony/phpunit-bridge": "^6.0", + "symfony/twig-bundle": "^4.4 || ^5.4 || ^6.0", + "twig/twig": "^2.10 || ^3.0" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-master": "3.x-dev" + } + }, + "autoload": { + "psr-4": { + "Nelmio\\SecurityBundle\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nelmio", + "homepage": "http://nelm.io" + }, + { + "name": "Symfony Community", + "homepage": "https://github.com/nelmio/NelmioSecurityBundle/contributors" + } + ], + "description": "Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cookie session storage, ...", + "keywords": [ + "security" + ], + "support": { + "issues": "https://github.com/nelmio/NelmioSecurityBundle/issues", + "source": "https://github.com/nelmio/NelmioSecurityBundle/tree/v3.0.0" + }, + "time": "2022-03-17T07:30:15+00:00" + }, { "name": "psr/cache", "version": "3.0.0", @@ -1642,6 +1791,78 @@ ], "time": "2023-06-26T06:07:32+00:00" }, + { + "name": "symfony/password-hasher", + "version": "v6.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/password-hasher.git", + "reference": "d23ad221989e6b8278d050cabfd7b569eee84590" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/password-hasher/zipball/d23ad221989e6b8278d050cabfd7b569eee84590", + "reference": "d23ad221989e6b8278d050cabfd7b569eee84590", + "shasum": "" + }, + "require": { + "php": ">=8.1" + }, + "conflict": { + "symfony/security-core": "<5.4" + }, + "require-dev": { + "symfony/console": "^5.4|^6.0", + "symfony/security-core": "^5.4|^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\PasswordHasher\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Robin Chalas", + "email": "robin.chalas@gmail.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides password hashing utilities", + "homepage": "https://symfony.com", + "keywords": [ + "hashing", + "password" + ], + "support": { + "source": "https://github.com/symfony/password-hasher/tree/v6.3.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-02-14T09:04:20+00:00" + }, { "name": "symfony/polyfill-intl-grapheme", "version": "v1.27.0", @@ -1967,6 +2188,166 @@ ], "time": "2022-11-03T14:55:06+00:00" }, + { + "name": "symfony/property-access", + "version": "v6.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/property-access.git", + "reference": "db9358571ce63f09c439c2fee6c12e5b090b69ac" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/property-access/zipball/db9358571ce63f09c439c2fee6c12e5b090b69ac", + "reference": "db9358571ce63f09c439c2fee6c12e5b090b69ac", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/deprecation-contracts": "^2.5|^3", + "symfony/property-info": "^5.4|^6.0" + }, + "require-dev": { + "symfony/cache": "^5.4|^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\PropertyAccess\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides functions to read and write from/to an object or array using a simple string notation", + "homepage": "https://symfony.com", + "keywords": [ + "access", + "array", + "extraction", + "index", + "injection", + "object", + "property", + "property-path", + "reflection" + ], + "support": { + "source": "https://github.com/symfony/property-access/tree/v6.3.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-05-19T08:06:44+00:00" + }, + { + "name": "symfony/property-info", + "version": "v6.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/property-info.git", + "reference": "7f3a03716112269741fe2a809f8f791a371d1fcd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/property-info/zipball/7f3a03716112269741fe2a809f8f791a371d1fcd", + "reference": "7f3a03716112269741fe2a809f8f791a371d1fcd", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/string": "^5.4|^6.0" + }, + "conflict": { + "phpdocumentor/reflection-docblock": "<5.2", + "phpdocumentor/type-resolver": "<1.5.1", + "symfony/dependency-injection": "<5.4" + }, + "require-dev": { + "doctrine/annotations": "^1.10.4|^2", + "phpdocumentor/reflection-docblock": "^5.2", + "phpstan/phpdoc-parser": "^1.0", + "symfony/cache": "^5.4|^6.0", + "symfony/dependency-injection": "^5.4|^6.0", + "symfony/serializer": "^5.4|^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\PropertyInfo\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Kévin Dunglas", + "email": "dunglas@gmail.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Extracts information about PHP class' properties using metadata of popular sources", + "homepage": "https://symfony.com", + "keywords": [ + "doctrine", + "phpdoc", + "property", + "symfony", + "type", + "validator" + ], + "support": { + "source": "https://github.com/symfony/property-info/tree/v6.3.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-05-19T08:06:44+00:00" + }, { "name": "symfony/routing", "version": "v6.3.1", @@ -2128,6 +2509,245 @@ ], "time": "2023-06-21T12:08:28+00:00" }, + { + "name": "symfony/security-core", + "version": "v6.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/security-core.git", + "reference": "9cb74232e978be1440d2bb7daf91eb40a9363890" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/security-core/zipball/9cb74232e978be1440d2bb7daf91eb40a9363890", + "reference": "9cb74232e978be1440d2bb7daf91eb40a9363890", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/event-dispatcher-contracts": "^2.5|^3", + "symfony/password-hasher": "^5.4|^6.0", + "symfony/service-contracts": "^2.5|^3" + }, + "conflict": { + "symfony/event-dispatcher": "<5.4", + "symfony/http-foundation": "<5.4", + "symfony/ldap": "<5.4", + "symfony/security-guard": "<5.4", + "symfony/validator": "<5.4" + }, + "require-dev": { + "psr/cache": "^1.0|^2.0|^3.0", + "psr/container": "^1.1|^2.0", + "psr/log": "^1|^2|^3", + "symfony/cache": "^5.4|^6.0", + "symfony/event-dispatcher": "^5.4|^6.0", + "symfony/expression-language": "^5.4|^6.0", + "symfony/http-foundation": "^5.4|^6.0", + "symfony/ldap": "^5.4|^6.0", + "symfony/string": "^5.4|^6.0", + "symfony/translation": "^5.4|^6.0", + "symfony/validator": "^5.4|^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Security\\Core\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Security Component - Core Library", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/security-core/tree/v6.3.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-04-28T15:57:00+00:00" + }, + { + "name": "symfony/security-csrf", + "version": "v6.3.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/security-csrf.git", + "reference": "1f505c9060bde692eb37718c78a91d95d9abeeec" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/security-csrf/zipball/1f505c9060bde692eb37718c78a91d95d9abeeec", + "reference": "1f505c9060bde692eb37718c78a91d95d9abeeec", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/security-core": "^5.4|^6.0" + }, + "conflict": { + "symfony/http-foundation": "<5.4" + }, + "require-dev": { + "symfony/http-foundation": "^5.4|^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Security\\Csrf\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Security Component - CSRF Library", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/security-csrf/tree/v6.3.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-04-21T14:41:17+00:00" + }, + { + "name": "symfony/security-http", + "version": "v6.3.1", + "source": { + "type": "git", + "url": "https://github.com/symfony/security-http.git", + "reference": "36d2bdd09c33f63014dc65f164a77ff099d256c6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/security-http/zipball/36d2bdd09c33f63014dc65f164a77ff099d256c6", + "reference": "36d2bdd09c33f63014dc65f164a77ff099d256c6", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/deprecation-contracts": "^2.5|^3", + "symfony/http-foundation": "^5.4|^6.0", + "symfony/http-kernel": "^6.3", + "symfony/polyfill-mbstring": "~1.0", + "symfony/property-access": "^5.4|^6.0", + "symfony/security-core": "^6.3" + }, + "conflict": { + "symfony/clock": "<6.3", + "symfony/event-dispatcher": "<5.4.9|>=6,<6.0.9", + "symfony/http-client-contracts": "<3.0", + "symfony/security-bundle": "<5.4", + "symfony/security-csrf": "<5.4" + }, + "require-dev": { + "psr/log": "^1|^2|^3", + "symfony/cache": "^5.4|^6.0", + "symfony/clock": "^6.3", + "symfony/expression-language": "^5.4|^6.0", + "symfony/http-client-contracts": "^3.0", + "symfony/rate-limiter": "^5.4|^6.0", + "symfony/routing": "^5.4|^6.0", + "symfony/security-csrf": "^5.4|^6.0", + "symfony/translation": "^5.4|^6.0", + "web-token/jwt-checker": "^3.1", + "web-token/jwt-signature-algorithm-ecdsa": "^3.1" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Security\\Http\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Security Component - HTTP Integration", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/security-http/tree/v6.3.1" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-06-18T15:50:12+00:00" + }, { "name": "symfony/service-contracts", "version": "v3.3.0", @@ -2935,6 +3555,69 @@ } ], "time": "2023-06-08T12:52:13+00:00" + }, + { + "name": "ua-parser/uap-php", + "version": "v3.9.14", + "source": { + "type": "git", + "url": "https://github.com/ua-parser/uap-php.git", + "reference": "b796c5ea5df588e65aeb4e2c6cce3811dec4fed6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ua-parser/uap-php/zipball/b796c5ea5df588e65aeb4e2c6cce3811dec4fed6", + "reference": "b796c5ea5df588e65aeb4e2c6cce3811dec4fed6", + "shasum": "" + }, + "require": { + "composer/ca-bundle": "^1.1", + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "phpstan/phpstan": "^0.12.33", + "phpunit/phpunit": "^8 || ^9", + "symfony/console": "^3.4 || ^4.2 || ^4.3 || ^5.0", + "symfony/filesystem": "^3.4 || ^4.2 || ^4.3 || ^5.0", + "symfony/finder": "^3.4 || ^4.2 || ^4.3 || ^5.0", + "symfony/yaml": "^3.4 || ^4.2 || ^4.3 || ^5.0", + "vimeo/psalm": "^3.12" + }, + "suggest": { + "symfony/console": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0", + "symfony/filesystem": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0", + "symfony/finder": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0", + "symfony/yaml": "Required for CLI usage - ^3.4 || ^4.3 || ^5.0" + }, + "bin": [ + "bin/uaparser" + ], + "type": "library", + "autoload": { + "psr-4": { + "UAParser\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Dave Olsen", + "email": "dmolsen@gmail.com" + }, + { + "name": "Lars Strojny", + "email": "lars@strojny.net" + } + ], + "description": "A multi-language port of Browserscope's user agent parser.", + "support": { + "issues": "https://github.com/ua-parser/uap-php/issues", + "source": "https://github.com/ua-parser/uap-php/tree/v3.9.14" + }, + "time": "2020-10-02T23:36:20+00:00" } ], "packages-dev": [], diff --git a/config/bundles.php b/config/bundles.php index c9bc713..edf8741 100755 --- a/config/bundles.php +++ b/config/bundles.php @@ -4,4 +4,5 @@ return [ Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true], Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true], Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true], + Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true], ]; diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml new file mode 100644 index 0000000..ac32a83 --- /dev/null +++ b/config/packages/nelmio_security.yaml @@ -0,0 +1,49 @@ +nelmio_security: + # prevents framing of the entire site + clickjacking: + paths: + '^/.*': DENY + + # disables content type sniffing for script resources + content_type: + nosniff: true + + # forces Microsoft's XSS-Protection with + # its block mode + xss_protection: + enabled: true + mode_block: true + + # Send a full URL in the `Referer` header when performing a same-origin request, + # only send the origin of the document to secure destination (HTTPS->HTTPS), + # and send no header to a less secure destination (HTTPS->HTTP). + # If `strict-origin-when-cross-origin` is not supported, use `no-referrer` policy, + # no referrer information is sent along with requests. + referrer_policy: + enabled: true + policies: + - 'same-origin' + + csp: + hosts: [] + content_types: [] + enforce: + level1_fallback: false + browser_adaptive: + enabled: false + report-uri: '%router.request_context.base_url%/nelmio/csp/report' + default-src: + - 'none' + script-src: + - 'self' + style-src: + - 'self' + img-src: + - 'self' + font-src: + - 'self' + form-action: + - 'none' + frame-ancestors: + - 'none' + block-all-mixed-content: true \ No newline at end of file diff --git a/config/services.yaml b/config/services.yaml index 1d4da19..9fb69e5 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -4,9 +4,6 @@ # Put parameters here that don't need to change on each machine where the app is deployed # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration parameters: - security: - csp_policy: "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; form-action 'none'; frame-ancestors 'none'; require-trusted-types-for 'script'; base-uri 'none'; " - referer_policy: "same-origin" services: # default configuration for services in *this* file diff --git a/src/EventSubscriber/SecurityHeadersSubscriber.php b/src/EventSubscriber/SecurityHeadersSubscriber.php deleted file mode 100755 index f924a35..0000000 --- a/src/EventSubscriber/SecurityHeadersSubscriber.php +++ /dev/null @@ -1,37 +0,0 @@ -params = $params; - } - - public function onResponse(ResponseEvent $event) - { - $response = $event->getResponse(); - $securitypolicy = $this->params->get('security'); - $csp = $securitypolicy['csp_policy']; - $referer = $securitypolicy['referer_policy']; - $response->headers->set("Content-Security-Policy", $csp); - $response->headers->set("Referrer-Policy", $referer); - - $event->setResponse($response); - } - - public static function getSubscribedEvents() - { - return [ - KernelEvents::RESPONSE => 'onResponse' - ]; - } -} \ No newline at end of file diff --git a/symfony.lock b/symfony.lock index 84b67fc..042c8e5 100644 --- a/symfony.lock +++ b/symfony.lock @@ -1,4 +1,16 @@ { + "nelmio/security-bundle": { + "version": "3.0", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "2.4", + "ref": "65726efb67ff51d89de38195bc0d230fa811f64d" + }, + "files": [ + "config/packages/nelmio_security.yaml" + ] + }, "symfony/console": { "version": "6.0", "recipe": {