ENHANCEMENT: Reimplemented CSP

Jeroen De Meerleer 2022-06-08 13:31:17 +02:00
parent 74b238c3d5
commit 9e20b84862
Signed by: JeroenED
GPG Key ID: 28CCCB8F62BFADD6
4 changed files with 41 additions and 2 deletions


@ -4,6 +4,9 @@
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters:
security:
csp_policy: "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; form-action 'none'; frame-ancestors 'none'; require-trusted-types-for 'script'; base-uri 'none'; "
referer_policy: "same-origin"
services:
# default configuration for services in *this* file
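Review bot: `default-src 'none'` in `csp_policy` falls through to every directive not listed, and `connect-src` is absent, so any fetch/XHR/WebSocket issued by the bundled scripts is blocked; if the front end makes same-origin requests this needs `connect-src 'self';` (the Vite dev client in package.json also relies on a WebSocket, so `npm run dev` will presumably not work under this policy). `require-trusted-types-for 'script'` makes every DOM sink assignment (innerHTML, script.src, …) throw in Chromium unless a Trusted Types policy is defined in the JS; either pair it with a `trusted-types <policy-name>;` directive the code actually creates, or drop it until the bundle has been audited. A `report-uri`/`report-to` target would make violations visible instead of silent breakage. Minor: the key is spelled `referer_policy` while the header is `Referrer-Policy`; consistent spelling (`referrer_policy`) avoids confusion when grepping.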


@ -17,7 +17,8 @@
"vite-plugin-symfony": "^0.3.0"
},
"scripts": {
"dev": "vite",
"watch": "vite build --minify=false --sourcemap --watch",
"build-dev": "vite build --minify=false --sourcemap",
"build": "vite build"
},
"repository": {


@ -1,6 +1,6 @@
<?php
namespace App\EventListener;
namespace App\EventSubscriber;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;


@ -0,0 +1,35 @@
<?php
namespace App\EventSubscriber;
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
class SecurityHeadersSubscriber implements EventSubscriberInterface
{
private $params;
public function __construct(ContainerBagInterface $params)
{
$this->params = $params;
}
public function onResponse(ResponseEvent $event)
{
$response = $event->getResponse();
$securitypolicy = $this->params->get('security');
$csp = $securitypolicy['csp_policy'];
$referer = $securitypolicy['referer_policy'];
$response->headers->set("Content-Security-Policy", $csp);
$response->headers->set("Referrer-Policy", $referer);
}
public static function getSubscribedEvents()
{
return [
KernelEvents::RESPONSE => 'onResponse'
];
}
}
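Review bot: `onResponse` fires for every `kernel.response`, including sub-requests (fragments, forwards, exception handling), and unconditionally overwrites any `Content-Security-Policy` a controller may have set itself (e.g. a per-response nonce policy); add `if (!$event->isMainRequest()) { return; }` at the top (`isMasterRequest()` on Symfony < 5.3) and consider guarding the set with `if (!$response->headers->has('Content-Security-Policy'))` so more specific policies are not clobbered. The file is missing `declare(strict_types=1);` and native types: `private ContainerBagInterface $params;`, `public function onResponse(ResponseEvent $event): void`, `public static function getSubscribedEvents(): array`. Since this subscriber is now the single place for response hardening, `X-Content-Type-Options: nosniff` is a one-line companion to the CSP worth adding here.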