src/Juki/Bundle/AppBundle/EventListener/ResponseSubscriber.php line 59

Open in your IDE?
  1. <?php
  3. namespace Juki\Bundle\AppBundle\EventListener;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Hitso\Bundle\CommonBundle\Helper\Request\RequestHelper;
  7. use Hitso\Bundle\SeoBundle\Entity\SeoPage;
  8. use Hitso\Bundle\SeoBundle\Service\SeoPagesManager;
  9. use Symfony\Cmf\Bundle\SeoBundle\SeoPresentationInterface;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  13. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  15. class ResponseSubscriber implements EventSubscriberInterface
  16. {
  17.     /**
  18.      * @var SeoPresentationInterface
  19.      */
  20.     private $seoPresentation;
  22.     /**
  23.      * @var string The key to look up the content in the request attributes
  24.      */
  25.     private $seoPagesManager;
  27.     /**
  28.      * @var EntityManagerInterface
  29.      */
  30.     private $entityManager;
  32.     /**
  33.      * @var array
  34.      */
  35.     private $seoPages;
  37.     private $requestHelper;
  39.     public function __construct(
  40.         SeoPresentationInterface $seoPresentation,
  41.         EntityManagerInterface $entityManager,
  42.         SeoPagesManager $seoPagesManager,
  43.         RequestHelper $requestHelper
  44.     ) {
  45.         $this->seoPresentation $seoPresentation;
  46.         $this->entityManager   $entityManager;
  47.         $this->seoPagesManager $seoPagesManager;
  48.         $this->requestHelper   $requestHelper;
  49.     }
  51.     public static function getSubscribedEvents()
  52.     {
  53. //        return [];
  54.         return [
  55.             KernelEvents::RESPONSE => ['onKernelResponse'0],
  56.         ];
  57.     }
  59.     public function onKernelResponse(ResponseEvent $event)
  60.     {
  61.         $request $event->getRequest();
  62.         $site $request->get('_site'null);
  64.         if ($site !== 'admin') {
  66.             $response $event->getResponse();
  68.             // Policy generator - https://report-uri.com/home/generate
  69. //            $policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com unpkg.com *.google-analytics.com; script-src-elem; script-src-attr; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem; style-src-attr; img-src 'self' data: *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.ytimg.com; font-src 'self' *.gstatic.com; connect-src *.google-analytics.com; media-src; object-src; prefetch-src; child-src; frame-src 'self' youtube.com www.youtube.com youtu.be *.novitus.pl; worker-src; frame-ancestors; form-action; base-uri; manifest-src; plugin-types; report-uri; report-to";
  70.             $policies = [];
  71.             $policies[] = "default-src 'self'";
  72.             $policies[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com unpkg.com *.google-analytics.com *.google.com *.gstatic.com";
  73.             $policies[] = "connect-src 'self' *.googleapis.com *.google-analytics.com";
  74.             $policies[] = "style-src 'self' 'unsafe-inline' *.googleapis.com";
  75.             $policies[] = "img-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.ytimg.com";
  76.             $policies[] = "font-src 'self' *.gstatic.com";
  77.             $policies[] = "frame-src 'self' youtube.com www.youtube.com youtu.be *.novitus.pl *.google.com";
  79.             $response->headers->set('Content-Security-Policy'implode('; '$policies));
  80.             $response->headers->set('Strict-Transport-Security''max-age=2592000; includeSubDomains');
  81.             $response->headers->set('X-Content-Type-Options''nosniff');
  82.             $response->headers->set('X-XSS-Protection''1; mode=block');
  84.         }
  85.     }
  86. }