<?php
namespace Common\EventListener;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
class ResponseSecurer
{
    /**
     * Adds a baseline set of hardening headers to the outgoing response and
     * strips headers that would reveal details about the server stack.
     * see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
     *
     * Headers already present on the response take precedence: a default is
     * only applied when the response does not carry that header yet, so a
     * controller can still opt out (e.g. set its own Cache-Control).
     *
     * @param FilterResponseEvent $event
     */
    public function onKernelResponse(FilterResponseEvent $event): void
    {
        $responseHeaders = $event->getResponse()->headers;

        foreach ($this->defaultHeaders() as $name => $value) {
            if ($responseHeaders->has($name)) {
                continue;
            }
            $responseHeaders->set($name, $value);
        }

        // Don't leak server config
        // NOTE(review): a Server header that the web server (Apache/nginx) adds
        // after PHP has returned is not reachable from here; confirm it is also
        // suppressed in the server configuration.
        foreach (['x-powered-by', 'Server'] as $leaky) {
            if ($responseHeaders->has($leaky)) {
                $responseHeaders->remove($leaky);
            }
        }
    }

    /**
     * Builds the header name => value map applied to every response.
     *
     * @return array<string, string>
     */
    private function defaultHeaders(): array
    {
        // Responses are treated as private and always revalidated; the backend
        // additionally forbids storing them at all.
        $cacheDirectives = ['max-age=0', 'must-revalidate', 'private', 'no-cache'];
        if (defined('APPLICATION') && APPLICATION === 'Backend') {
            $cacheDirectives[] = 'no-store';
        }

        return [
            'Cache-Control' => implode(', ', $cacheDirectives),
            // Never allow the application to be framed (clickjacking).
            'X-Frame-Options' => 'deny',
            // Legacy HTTP/1.0 equivalents of the Cache-Control directives above.
            'Expires' => '0',
            'Pragma' => 'no-cache',
            // NOTE(review): 'referrer' is not a header browsers act on; the
            // effective directive is Referrer-Policy below. Kept as-is for
            // compatibility with existing tests/consumers.
            'referrer' => 'strict-origin-when-cross-origin',
            'Referrer-Policy' => 'strict-origin-when-cross-origin',
            // NOTE(review): X-XSS-Protection is deprecated and current guidance
            // (including OWASP) favours sending '0' or omitting it; confirm
            // before changing, as a CSP is the intended replacement.
            'X-XSS-Protection' => '1; mode=block',
            // Stop browsers from MIME-sniffing responses into a different type.
            'X-Content-Type-Options' => 'nosniff',
        ];
    }
}