private function buildHeaders(Request $request, DirectiveSet $directiveSet, $reportOnly, $compatHeaders, array $signatures = null)
{
// $signatures might be null if no KernelEvents::REQUEST has been triggered.
// for instance if a security.authentication.failure has been dispatched
$headerValue = $directiveSet->buildHeaderValue($request, $signatures);
if (!$headerValue) {
return array();
}
$hn = function ($name) use($reportOnly) {
return $name . ($reportOnly ? '-Report-Only' : '');
};
$headers = array($hn('Content-Security-Policy') => $headerValue);
if ($compatHeaders) {
$headers[$hn('X-Content-Security-Policy')] = $headerValue;
}
return $headers;
}