public onKernelResponse($e)
/**
 * Adds the Content-Security-Policy headers to the response of a master request.
 *
 * Sub-requests are skipped entirely. Redirect responses receive no CSP headers.
 * Otherwise headers are added only when the request host is covered by the
 * configured host list (an empty list covers every host) and the response
 * content type passes isContentTypeValid().
 *
 * The per-request nonce and the collected hashes are cleared on every
 * master-request path that reaches the end of this method, presumably so a
 * nonce is never carried over to a later response served by the same listener
 * instance (TODO confirm against the rest of the class).
 *
 * @param FilterResponseEvent $e Event carrying the request and its response.
 *
 * @return void
 */
public function onKernelResponse(FilterResponseEvent $e)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $e->getRequestType()) {
        return;
    }

    $request = $e->getRequest();
    $response = $e->getResponse();

    if (!$response->isRedirection()) {
        // Strict comparison keeps the host match exact. NOTE(review): getHost()
        // is derived from client-supplied request data, so this list decides
        // whether a policy is emitted at all; confirm host validation is
        // enforced at the framework or proxy level as well.
        $hostCovered = empty($this->hosts) || in_array($request->getHost(), $this->hosts, true);

        if ($hostCovered && $this->isContentTypeValid($response)) {
            $signatures = $this->sha;

            if ($this->nonce) {
                // NOTE(review): the source expression is added without the
                // single quotes CSP requires around nonce sources; presumably
                // buildHeaders() adds them. Verify.
                $nonceSource = 'nonce-' . $this->nonce;
                foreach (array('script-src', 'style-src') as $directive) {
                    $signatures[$directive][] = $nonceSource;
                }
            }

            // The third argument is true for the "report" set and false for the
            // "enforce" set (presumably the report-only switch; see buildHeaders()).
            $reportHeaders = $this->buildHeaders($request, $this->report, true, $this->compatHeaders, $signatures);
            $response->headers->add($reportHeaders);

            $enforceHeaders = $this->buildHeaders($request, $this->enforce, false, $this->compatHeaders, $signatures);
            $response->headers->add($enforceHeaders);
        }
    }

    // Drop the per-response state whether or not headers were emitted.
    $this->nonce = null;
    $this->sha = null;
}
/**
 * Drives a CSP listener through one request/response cycle and returns the response.
 *
 * The listener first sees the kernel request event, then receives any scripts,
 * styles and hashes supplied in $digestData, then has getNonce() called
 * $getNonce times, and finally sees the kernel response event. The returned
 * response can then be checked for the headers the listener added.
 *
 * @param ContentSecurityPolicyListener $listener    Listener under test.
 * @param string                        $path        URI used to create the request.
 * @param bool                          $masterReq   Truthy for a master request, falsy for a sub-request.
 * @param string                        $contentType Value of the response content-type header.
 * @param array                         $digestData  Optional 'scripts', 'styles' and 'signatures' entries;
 *                                                   'signatures' maps a type to a list of values.
 * @param int                           $getNonce    Number of getNonce() calls to make before the response event.
 *
 * @return Response The response after the listener handled the response event.
 */
protected function callListener(ContentSecurityPolicyListener $listener, $path, $masterReq, $contentType = 'text/html', array $digestData = array(), $getNonce = 0)
{
    // The same request type is used for both events.
    $requestType = $masterReq ? HttpKernelInterface::MASTER_REQUEST : HttpKernelInterface::SUB_REQUEST;

    $request = Request::create($path);
    $listener->onKernelRequest(new GetResponseEvent($this->kernel, $request, $requestType));

    if (isset($digestData['scripts'])) {
        foreach ($digestData['scripts'] as $inlineScript) {
            $listener->addScript($inlineScript);
        }
    }

    if (isset($digestData['styles'])) {
        foreach ($digestData['styles'] as $inlineStyle) {
            $listener->addStyle($inlineStyle);
        }
    }

    if (isset($digestData['signatures'])) {
        foreach ($digestData['signatures'] as $type => $hashes) {
            foreach ($hashes as $hash) {
                $listener->addSha($type, $hash);
            }
        }
    }

    // Request the nonce the given number of times before the response is built.
    for ($call = 0; $call < $getNonce; ++$call) {
        $listener->getNonce();
    }

    $response = new Response();
    $response->headers->add(array('content-type' => $contentType));

    $listener->onKernelResponse(new FilterResponseEvent($this->kernel, $request, $requestType, $response));

    return $response;
}