src/EventListener/RequestListener.php line 9

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  7. class RequestListener
  8. {
  9.     public function onKernelResponse(ResponseEvent $event)
  10.     {
  11.         if (!$event->isMainRequest()) {
  12.             // don't do anything if it's not the master request
  13.             return;
  14.         }
  15.         $event->getResponse()->headers->add([
  16.             'X-XSS-Protection' => "1; mode=block",
  17.             'X-Frame-Options' => "DENY",
  18.             'X-Content-Type-Options' => "nosniff",
  19.             'Content-Security-Policy' => "object-src 'none'; form-action 'self'; frame-ancestors 'self';",
  20.             'Strict-Transport-Security' => "max-age=63072000; includeSubDomains; preload;",
  21.             'Permissions-Policy' => "camera=none",
  22.             'Referrer-Policy' => "no-referrer-when-downgrade",
  23.         ]);
  24.     }
  25. }