class ContentSecurityPolicyHandler
Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.
| Return | Method | Description |
| --- | --- | --- |
| | __construct(NonceGenerator $nonceGenerator) | |
| array | getNonces(Request $request, Response $response) | Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers. |
| | disableCsp() | Disables Content-Security-Policy. |
| array | updateResponseHeaders(Request $request, Response $response) | Cleans up temporary headers and updates Content-Security-Policy headers. |

__construct(NonceGenerator $nonceGenerator)

Parameters: NonceGenerator $nonceGenerator

getNonces(Request $request, Response $response)

Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.

A nonce can be provided by:
- The request: when HTML content is fetched via AJAX and inserted into the DOM, it must use the same nonce as the origin.
- The response: a call to getNonces() has already been made, so the same nonces are returned.
- Otherwise, the nonces are randomly generated.

Parameters: Request $request, Response $response
Return value: array
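
The resolution order described above, as an added sketch in plain PHP rather than Symfony's own code. The header names, the array keys and the nonce format check are assumptions made for the example, and header maps are plain arrays instead of Request and Response objects.

```php
<?php
// Added sketch, not Symfony's implementation. Header names are hypothetical.
const SCRIPT_NONCE_HEADER = 'X-Example-Script-Nonce';
const STYLE_NONCE_HEADER = 'X-Example-Style-Nonce';

// Return both nonces from a header map, or null when either is missing
// or malformed. The format check is an assumption added for this sketch.
function readNonces(array $headers): ?array
{
    $found = [];
    foreach (['script' => SCRIPT_NONCE_HEADER, 'style' => STYLE_NONCE_HEADER] as $kind => $name) {
        $value = $headers[$name] ?? '';
        if (!is_string($value) || preg_match('/\A[A-Za-z0-9+\/_-]{16,}={0,2}\z/', $value) !== 1) {
            return null;
        }
        $found[$kind] = $value;
    }
    return $found;
}

// Documented order: the request, then the response, then random generation.
function resolveNonces(array $requestHeaders, array &$responseHeaders): array
{
    // 1. HTML fetched via AJAX must carry the nonce of the page it joins.
    // 2. An earlier call on this response already chose nonces: reuse them.
    $nonces = readNonces($requestHeaders) ?? readNonces($responseHeaders);
    if ($nonces === null) {
        // 3. Nothing to reuse: generate fresh values from the CSPRNG.
        $nonces = ['script' => bin2hex(random_bytes(16)), 'style' => bin2hex(random_bytes(16))];
    }
    // Keep them on the response as temporary headers for later calls.
    $responseHeaders[SCRIPT_NONCE_HEADER] = $nonces['script'];
    $responseHeaders[STYLE_NONCE_HEADER] = $nonces['style'];
    return $nonces;
}

// Constructed scenario: a full page load, then an AJAX fragment request.
$pageResponse = [];
$first = resolveNonces([], $pageResponse);
$second = resolveNonces([], $pageResponse);
var_dump($first === $second); // second call on the same response reuses the nonces

$ajaxRequest = [SCRIPT_NONCE_HEADER => $first['script'], STYLE_NONCE_HEADER => $first['style']];
$ajaxResponse = [];
var_dump(resolveNonces($ajaxRequest, $ajaxResponse) === $first); // origin's nonces win

$badRequest = [SCRIPT_NONCE_HEADER => 'not a nonce', STYLE_NONCE_HEADER => 'y'];
$badResponse = [];
var_dump(resolveNonces($badRequest, $badResponse) !== $first); // malformed input ignored
```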

disableCsp()

Disables Content-Security-Policy.
All related headers will be removed.

updateResponseHeaders(Request $request, Response $response)

Cleans up temporary headers and updates Content-Security-Policy headers.

Parameters: Request $request, Response $response
Return value: array, the nonces used by the bundle in the Content-Security-Policy header

© 2004–2017 Fabien Potencier
Licensed under the MIT License.
https://api.symfony.com/4.1/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.html