<?php
namespace App\EventListener;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
class RequestListener
{
public function onKernelResponse(ResponseEvent $event)
{
if (!$event->isMainRequest()) {
// don't do anything if it's not the master request
return;
}
$event->getResponse()->headers->add([
'X-XSS-Protection' => "1; mode=block",
'X-Frame-Options' => "DENY",
'X-Content-Type-Options' => "nosniff",
'Content-Security-Policy' => "object-src 'none'; form-action 'self'; frame-ancestors 'self';",
'Strict-Transport-Security' => "max-age=63072000; includeSubDomains; preload;",
'Permissions-Policy' => "camera=none",
'Referrer-Policy' => "no-referrer-when-downgrade",
]);
}
}