ENHANCEMENT: added CSP again

main
Jeroen De Meerleer 2 months ago
parent c372a780c7
commit 2914fc6251
Signed by: JeroenED
GPG Key ID: 28CCCB8F62BFADD6
  1. 3
      config/services.yaml
  2. 1
      src/EventSubscriber/LocaleSubscriber.php
  3. 35
      src/EventSubscriber/SecurityHeadersSubscriber.php

@ -5,6 +5,9 @@
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters:
enabled_locales: 'en|nl'
security:
csp_policy: "default-src 'none'; font-src 'self' data:; style-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; require-trusted-types-for 'script'; frame-ancestors 'none'; base-uri 'none'"
referer_policy: "same-origin"
services:
# default configuration for services in *this* file

@ -1,6 +1,5 @@
<?php
// src/EventSubscriber/LocaleSubscriber.php
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

@ -0,0 +1,35 @@
<?php
namespace App\EventSubscriber;
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
class SecurityHeadersSubscriber implements EventSubscriberInterface
{
private $params;
public function __construct(ContainerBagInterface $params)
{
$this->params = $params;
}
public function onResponse(ResponseEvent $event)
{
$response = $event->getResponse();
$securitypolicy = $this->params->get('security');
$csp = $securitypolicy['csp_policy'];
$referer = $securitypolicy['referer_policy'];
$response->headers->set("Content-Security-Policy", $csp);
$response->headers->set("Referrer-Policy", $referer);
}
public static function getSubscribedEvents()
{
return [
KernelEvents::RESPONSE => 'onResponse'
];
}
}
Loading…
Cancel
Save