<?php
declare(strict_types=1);
/*
 * This file is part of the Zikula package.
 *
 * Copyright Zikula - https://ziku.la/
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace Zikula\CoreBundle\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
/**
 * Adds the X-Frame-Options and X-XSS-Protection headers to every main-request response.
 *
 * X-Frame-Options tells the browser whether the page may be rendered inside a frame,
 * which is the control that limits clickjacking. The value is whatever string the
 * constructor received; this class does not validate it.
 *
 * NOTE(review): browsers honour only DENY and SAMEORIGIN for X-Frame-Options; the
 * ALLOW-FROM form is obsolete. The Content-Security-Policy `frame-ancestors`
 * directive is the standardised successor and is not sent by this subscriber.
 *
 * NOTE(review): X-XSS-Protection is a legacy header. Current browsers have removed
 * the XSS auditor it controlled, and OWASP guidance is to send `0` or omit it,
 * because the filtering mode selected by `1` has itself been a source of issues in
 * browsers that implemented it. Left unchanged here; revisit with the migration below.
 *
 * Consider https://github.com/nelmio/NelmioSecurityBundle for a future major release refs #3646
 */
class ClickjackProtectionSubscriber implements EventSubscriberInterface
{
    /**
     * @param string $xFrameOptions value sent verbatim as the X-Frame-Options header
     */
    public function __construct(
        private readonly string $xFrameOptions,
    ) {
    }

    /**
     * Registers onKernelResponse() for the kernel response event.
     */
    public static function getSubscribedEvents(): array
    {
        // Negative priority: Symfony calls higher-priority listeners first, so this
        // one runs after listeners registered at the default priority of 0.
        $listener = ['onKernelResponse', -99];

        return [KernelEvents::RESPONSE => $listener];
    }

    /**
     * Writes both security headers onto the response of the main request.
     *
     * Sub-request responses are left untouched. set() replaces any value already
     * present under the same header name, so a value set earlier in the request
     * (for example by a controller) is overwritten.
     */
    public function onKernelResponse(ResponseEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }

        $headers = $event->getResponse()->headers;
        $headers->set('X-Frame-Options', $this->xFrameOptions);
        $headers->set('X-XSS-Protection', '1');
    }
}