1 | <?php |
15 | 5 | public function onKernelResponse(FilterResponseEvent $event): void |
16 | { |
17 | $cacheControl = [ |
18 | 5 | 'max-age=0', |
19 | 'must-revalidate', |
20 | 'private', |
21 | 'no-cache', |
22 | ]; |
24 | 5 | if (defined('APPLICATION') && APPLICATION === 'Backend') { |
25 | $cacheControl[] = 'no-store'; |
26 | } |
28 | $headers = [ |
29 | 5 | 'Cache-Control' => implode(', ', $cacheControl), |
30 | 5 | 'X-Frame-Options' => 'deny', |
31 | 5 | 'Expires' => '0', |
32 | 5 | 'Pragma' => 'no-cache', |
33 | 5 | 'referrer' => 'strict-origin-when-cross-origin', |
34 | 5 | 'Referrer-Policy' => 'strict-origin-when-cross-origin', |
35 | 5 | 'X-XSS-Protection' => '1; mode=block', |
36 | 5 | 'X-Content-Type-Options' => 'nosniff', |
37 | ]; |
40 | 5 | $responseHeaders = $event->getResponse()->headers; |
41 | 5 | foreach ($headers as $header => $value) { |
42 | 5 | if (!$responseHeaders->has($header)) { |
43 | 5 | $responseHeaders->set($header, $value); |
44 | } |
45 | } |
// Don't leak server config.
// NOTE(review): this loop only strips headers that are already present in the
// response's HeaderBag. PHP's own X-Powered-By (expose_php=On) and the web
// server's Server header are typically added outside this bag when the
// response is sent, so they may still reach the client — confirm expose_php
// is Off and ServerTokens / server_tokens are restricted at the server layer.
48 | $blockedHeaders = [ |
49 | 5 | 'x-powered-by', |
50 | 'Server', |
51 | ]; |
52 | 5 | foreach ($blockedHeaders as $blockedHeader) { |
53 | 5 | if ($responseHeaders->has($blockedHeader)) { |
54 | 5 | $responseHeaders->remove($blockedHeader); |
55 | } |
||