Symfony 4.1

ContentSecurityPolicyHandler

class ContentSecurityPolicyHandler

Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.

Methods

__construct(NonceGenerator $nonceGenerator)
array getNonces(Request $request, Response $response)

Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.

disableCsp()

Disables Content-Security-Policy.

array updateResponseHeaders(Request $request, Response $response)

Cleans up temporary headers and updates Content-Security-Policy headers.

Details

__construct(NonceGenerator $nonceGenerator)

Parameters

NonceGenerator $nonceGenerator

array getNonces(Request $request, Response $response)

Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.

Nonces can be provided by:

- The request: in case HTML content is fetched via AJAX and inserted in the DOM, it must use the same nonce as the origin
- The response: a call to getNonces() has already been done previously, so the same nonces are returned
- They are otherwise randomly generated

Parameters

Request $request
Response $response

Return Value

array

disableCsp()

Disables Content-Security-Policy.

All related headers will be removed.

array updateResponseHeaders(Request $request, Response $response)

Cleans up temporary headers and updates Content-Security-Policy headers.

Parameters

Request $request
Response $response

Return Value

array Nonces used by the bundle in Content-Security-Policy header
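
A simplified model of the nonce lookup order documented for getNonces() and of the cleanup step documented for updateResponseHeaders(), as an added example in plain PHP; it is not Symfony's code. The header names, array keys and function names are hypothetical, and it assumes the temporary headers are where a generated nonce pair is kept between calls.

```php
<?php
// Added illustration: headers are modelled as plain arrays (case-sensitive keys).
// Header names, array keys and function names are hypothetical, not Symfony's.
const SCRIPT_HDR = 'X-Example-Script-Nonce';
const STYLE_HDR  = 'X-Example-Style-Nonce';

// Lookup order: request, then response, then random. $responseHeaders is taken
// by reference so that a freshly generated pair is remembered for later calls.
function resolveNonces(array $requestHeaders, array &$responseHeaders): array
{
    foreach ([$requestHeaders, $responseHeaders] as $headers) {
        if (isset($headers[SCRIPT_HDR], $headers[STYLE_HDR])) {
            return ['script' => $headers[SCRIPT_HDR], 'style' => $headers[STYLE_HDR]];
        }
    }
    // Neither side carries a pair: draw both from the CSPRNG and stash them.
    $nonces = ['script' => bin2hex(random_bytes(16)), 'style' => bin2hex(random_bytes(16))];
    $responseHeaders[SCRIPT_HDR] = $nonces['script'];
    $responseHeaders[STYLE_HDR]  = $nonces['style'];
    return $nonces;
}

// Drop the temporary headers, then append the nonces to an existing policy.
function finalizeHeaders(array $nonces, array &$responseHeaders): void
{
    unset($responseHeaders[SCRIPT_HDR], $responseHeaders[STYLE_HDR]);
    if (!isset($responseHeaders['Content-Security-Policy'])) {
        return; // no policy set by the application, nothing to relax
    }
    $out = [];
    foreach (array_filter(array_map('trim', explode(';', $responseHeaders['Content-Security-Policy']))) as $directive) {
        $name = strtok($directive, ' ');
        if ($name === 'script-src') { $directive .= " 'nonce-{$nonces['script']}'"; }
        if ($name === 'style-src')  { $directive .= " 'nonce-{$nonces['style']}'"; }
        $out[] = $directive;
    }
    $responseHeaders['Content-Security-Policy'] = implode('; ', $out);
}

// Constructed sample: a full page load, where a second lookup reuses the first pair.
$pageResponse = ['Content-Security-Policy' => "script-src 'self'; style-src 'self'"];
$pageNonces = resolveNonces([], $pageResponse);
var_dump(resolveNonces([], $pageResponse) === $pageNonces);
finalizeHeaders($pageNonces, $pageResponse);
echo $pageResponse['Content-Security-Policy'], "\n";

// Constructed sample: an AJAX fragment request that sends the page's nonces back.
$ajaxRequest = [SCRIPT_HDR => $pageNonces['script'], STYLE_HDR => $pageNonces['style']];
$ajaxResponse = [];
var_dump(resolveNonces($ajaxRequest, $ajaxResponse) === $pageNonces);
```

Because the request is consulted first, the fragment returned to the AJAX call carries the nonce the already-loaded page's policy allows, which is why the injected markup is not blocked.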