<?php
namespace App\EventListener;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
class RequestListener
{
public function onKernelResponse(ResponseEvent $event)
{
if (!$event->isMasterRequest()) {
// don't do anything if it's not the master request
return;
}
$event->getResponse()->headers->add([
'X-XSS-Protection' => "1; mode=block",
'X-Frame-Options' => "DENY",
'X-Content-Type-Options' => "nosniff",
'Content-Security-Policy' => "object-src 'none'; script-src 'self' 'unsafe-inline' js-agent.newrelic.com ; form-action 'self'; frame-ancestors 'self';",
'Strict-Transport-Security' => "max-age=63072000; includeSubDomains; preload;",
]);
}
}