src/EventListener/RequestListener.php line 9

Open in your IDE?
  1. <?php
  2. namespace App\EventListener;
  3. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  4. class RequestListener
  5. {
  6.     public function onKernelResponse(ResponseEvent $event)
  7.     {
  8.         if (!$event->isMasterRequest()) {
  9.             // don't do anything if it's not the master request
  10.             return;
  11.         }
  12.         $event->getResponse()->headers->add([
  13.             'X-XSS-Protection' => "1; mode=block",
  14.             'X-Frame-Options' => "DENY",
  15.             'X-Content-Type-Options' => "nosniff",
  16.             'Content-Security-Policy' => "object-src 'none'; script-src 'self' 'unsafe-inline' js-agent.newrelic.com ; form-action 'self'; frame-ancestors 'self';",
  17.             'Strict-Transport-Security' => "max-age=63072000; includeSubDomains; preload;",
  18.         ]);
  19.     }
  20. }