private function modifyStatusCode(Request $request, Response $response)
{
if ($request->headers->has(self::ORIGIN_REQUEST_HEADER) && $response->headers->has(self::ORIGIN_RESPONSE_HEADER) && !$this->haveSameOrigin($request, $response)) {
$response->setStatusCode(Response::HTTP_FORBIDDEN);
}
}