ContentSecurityPolicyHandler
class ContentSecurityPolicyHandler
Handles the Content-Security-Policy HTTP header for the WebProfiler Bundle.
Methods
__construct(NonceGenerator $nonceGenerator)
array | getNonces(Request $request, Response $response) | Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.
disableCsp() | Disables Content-Security-Policy.
array | updateResponseHeaders(Request $request, Response $response) | Cleans up temporary headers and updates Content-Security-Policy headers.
Details
__construct(NonceGenerator $nonceGenerator)
Parameters
NonceGenerator | $nonceGenerator
array getNonces(Request $request, Response $response)
Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.
A nonce can be provided by:
- The request: when HTML content is fetched via AJAX and inserted into the DOM, it must use the same nonce as the origin.
- The response: a call to getNonces() has already been made previously, so the same nonces are returned.
- Otherwise, the nonces are randomly generated.
Parameters
Request | $request
Response | $response
Return Value
array
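The lookup order described for getNonces(), sketched as an added example in plain PHP (it is not Symfony's own code). Header bags are modelled as arrays, and the header names and the `script`/`style` keys are hypothetical.

```php
<?php
// Added illustration, not Symfony's code. Header names are hypothetical.
const SCRIPT_NONCE_HEADER = 'X-Example-Script-Nonce';
const STYLE_NONCE_HEADER = 'X-Example-Style-Nonce';

// Resolve nonces in the documented order: request, then response, then random.
// Plain arrays stand in for the Request and Response header bags (assumption).
function resolveNonces(array $requestHeaders, array &$responseHeaders): array
{
    foreach ([$requestHeaders, $responseHeaders] as $headers) {
        if (isset($headers[SCRIPT_NONCE_HEADER], $headers[STYLE_NONCE_HEADER])) {
            return [
                'script' => $headers[SCRIPT_NONCE_HEADER],
                'style' => $headers[STYLE_NONCE_HEADER],
            ];
        }
    }
    // Nothing to reuse: draw fresh values from the CSPRNG and keep them on the
    // response so that a later call for the same response returns the same pair.
    $nonces = [
        'script' => bin2hex(random_bytes(16)),
        'style' => bin2hex(random_bytes(16)),
    ];
    $responseHeaders[SCRIPT_NONCE_HEADER] = $nonces['script'];
    $responseHeaders[STYLE_NONCE_HEADER] = $nonces['style'];

    return $nonces;
}

// 1. Full page load: no nonce on either side, so a new pair is generated.
$pageResponse = [];
$pageNonces = resolveNonces([], $pageResponse);

// 2. A second call for the same response reuses the stored pair.
var_dump(resolveNonces([], $pageResponse) === $pageNonces);

// 3. AJAX fragment: the origin page's nonces arrive on the request, so inline
//    scripts and styles in the fragment match the policy already in force.
$ajaxRequest = [
    SCRIPT_NONCE_HEADER => $pageNonces['script'],
    STYLE_NONCE_HEADER => $pageNonces['style'],
];
$ajaxResponse = [];
var_dump(resolveNonces($ajaxRequest, $ajaxResponse) === $pageNonces);

printf("script-src 'nonce-%s'; style-src 'nonce-%s'\n", $pageNonces['script'], $pageNonces['style']);
```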
disableCsp()
Disables Content-Security-Policy.
All related headers will be removed.
array updateResponseHeaders(Request $request, Response $response)
Cleans up temporary headers and updates Content-Security-Policy headers.
Parameters
Request | $request
Response | $response
Return Value
array | Nonces used by the bundle in the Content-Security-Policy header
© 2004–2017 Fabien Potencier
Licensed under the MIT License.
http://api.symfony.com/4.0/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.html