<?php
namespace App\EventSubscriber;
use JetBrains\PhpStorm\ArrayShape;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
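class SecurityHeadersSubscriber implements EventSubscriberInterface
{
    /**
     * Adds browser-hardening headers to every outgoing response.
     *
     * Each header is written with HeaderBag::set(), which replaces any value a
     * controller already put on the response, so this subscriber is the single
     * source of truth for X-Content-Type-Options, X-XSS-Protection and
     * Strict-Transport-Security.
     */
    public function onKernelResponse(ResponseEvent $event): void
    {
        $headers = $event->getResponse()->headers;

        // Stop browsers from MIME-sniffing a body away from its declared Content-Type.
        $headers->set('X-Content-Type-Options', 'nosniff');

        // Legacy header: current browsers ignore it, and the auditor it enabled
        // in older engines has been abused for cross-site leaks. NOTE(review):
        // current OWASP guidance is to send '0' or drop it; value kept as-is to
        // preserve existing behaviour. Content-Security-Policy is the modern control.
        $headers->set('X-XSS-Protection', '1; mode=block');

        // Not set here: X-Frame-Options (clickjacking) and Content-Security-Policy.
        // If a CSP with a script nonce is added, the nonce must be generated per
        // request (random_bytes()); a nonce fixed in source offers no protection.

        // HSTS goes on every response, not only 200s: redirects and error pages
        // are exactly where a downgrade would otherwise stay unprotected, and
        // user agents ignore this header over plain HTTP (RFC 6797), so no scheme
        // check is needed. max-age/includeSubDomains/preload apply to the whole
        // domain and are hard to roll back once the site is on the preload list.
        $headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
    }

    /**
     * @return array<string, string> map of kernel event name to handler method
     */
    #[ArrayShape([KernelEvents::RESPONSE => "string"])]
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::RESPONSE => 'onKernelResponse',
        ];
    }
}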