ENHANCEMENT: added CSP again
This commit is contained in:
parent
c372a780c7
commit
2914fc6251
|
@ -5,6 +5,9 @@
|
|||
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
|
||||
parameters:
|
||||
enabled_locales: 'en|nl'
|
||||
security:
|
||||
csp_policy: "default-src 'none'; font-src 'self' data:; style-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; require-trusted-types-for 'script'; frame-ancestors 'none'; base-uri 'none'"
|
||||
referer_policy: "same-origin"
|
||||
|
||||
services:
|
||||
# default configuration for services in *this* file
|
||||
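Review bot: The policy on the `csp_policy` line is strict (`default-src 'none'`, no `'unsafe-inline'`, `require-trusted-types-for 'script'`), which is the right target, but it is applied from one global parameter to every page, so anything that still injects inline scripts or styles — the web debug toolbar in dev, third-party embeds — will break the moment this ships; if that has not been verified page by page, consider shipping it as `Content-Security-Policy-Report-Only` with a `report-to`/`report-uri` first, or overriding the parameter in `config/packages/dev/`. `require-trusted-types-for 'script'` is enforced only by Chromium-based browsers today, so it should not be counted on as the sole DOM-XSS control. The key `referer_policy` copies the misspelling of the HTTP `Referer` request header while the response header it feeds is `Referrer-Policy`; naming it `referrer_policy` spares the next reader that trap. The `parameters:` block continues outside the hunk.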
|
|
|
@ -1,6 +1,5 @@
|
|||
<?php
|
||||
|
||||
// src/EventSubscriber/LocaleSubscriber.php
|
||||
namespace App\EventSubscriber;
|
||||
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
<?php
|
||||
|
||||
namespace App\EventSubscriber;
|
||||
|
||||
use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\HttpKernel\Event\ResponseEvent;
|
||||
use Symfony\Component\HttpKernel\KernelEvents;
|
||||
|
||||
class SecurityHeadersSubscriber implements EventSubscriberInterface
|
||||
{
|
||||
private $params;
|
||||
|
||||
public function __construct(ContainerBagInterface $params)
|
||||
{
|
||||
$this->params = $params;
|
||||
}
|
||||
|
||||
public function onResponse(ResponseEvent $event)
|
||||
{
|
||||
$response = $event->getResponse();
|
||||
$securitypolicy = $this->params->get('security');
|
||||
$csp = $securitypolicy['csp_policy'];
|
||||
$referer = $securitypolicy['referer_policy'];
|
||||
$response->headers->set("Content-Security-Policy", $csp);
|
||||
$response->headers->set("Referrer-Policy", $referer);
|
||||
}
|
||||
|
||||
public static function getSubscribedEvents()
|
||||
{
|
||||
return [
|
||||
KernelEvents::RESPONSE => 'onResponse'
|
||||
];
|
||||
}
|
||||
}
|
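Review bot: `onResponse` sets the headers on every `kernel.response`, including sub-requests from fragment/ESI rendering, and `headers->set` unconditionally overwrites any `Content-Security-Policy` a controller has already put on the response, so a page that needs a deliberately relaxed policy has no way to express one. It also reads `$securitypolicy['csp_policy']` without checking the key exists; a typo in the parameters file would likely surface as a PHP warning plus an empty `Content-Security-Policy` header at runtime rather than a container error — binding the two strings as constructor arguments (`%security%` → `string $cspPolicy`) instead of pulling the whole bag would let the container validate them at compile time. The rewrite below skips sub-requests (`isMainRequest()` on Symfony ≥ 5.3, `isMasterRequest()` before — confirm the version), fails loudly on a missing key, only sets a header when none is present, and adds `X-Content-Type-Options: nosniff`, which the commit leaves out; the file is also missing `declare(strict_types=1);`, a typed property (`private ContainerBagInterface $params`) and return types (`: void`, `: array`).
```php
public function onResponse(ResponseEvent $event): void
{
    // Fragment/ESI sub-requests share the main response; header it once.
    if (!$event->isMainRequest()) {
        return;
    }

    $headers = $event->getResponse()->headers;

    // Fail loudly on a misconfigured parameter instead of emitting an empty header.
    $securitypolicy = $this->params->get('security');
    if (!isset($securitypolicy['csp_policy'], $securitypolicy['referer_policy'])) {
        throw new \LogicException('Parameter "security" must define csp_policy and referer_policy.');
    }

    // Let a policy set explicitly by a controller win over the global default.
    if (!$headers->has('Content-Security-Policy')) {
        $headers->set('Content-Security-Policy', $securitypolicy['csp_policy']);
    }
    if (!$headers->has('Referrer-Policy')) {
        $headers->set('Referrer-Policy', $securitypolicy['referer_policy']);
    }
    $headers->set('X-Content-Type-Options', 'nosniff');
}
```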