CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
isCacheControlCustomized example
// different from the declared content-type, since that can lead to
// XSS and other vulnerabilities.
// https://owasp.org/www-project-secure-headers
$response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
// If the current response isn't an implementation of the // CacheableResponseInterface, we assume that a Response is either // explicitly not cacheable or that caching headers are already set in // another place. if (!$response instanceof CacheableResponseInterface) {
if (!$this->isCacheControlCustomized($response)) {
$this->setResponseNotCacheable($response, $request);
}
// HTTP/1.0 proxies do not support the Vary header, so prevent any caching // by sending an Expires date in the past. HTTP/1.1 clients ignore the // Expires header if a Cache-Control: max-age directive is specified (see // RFC 2616, section 14.9.3). if (!$response->headers->has('Expires')) {
$this->setExpiresNoCache($response);
}
return;
}
$response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
// If the current response isn't an implementation of the // CacheableResponseInterface, we assume that a Response is either // explicitly not cacheable or that caching headers are already set in // another place. if (!$response instanceof CacheableResponseInterface) {
if (!$this->isCacheControlCustomized($response)) {
$this->setResponseNotCacheable($response, $request);
}
// HTTP/1.0 proxies do not support the Vary header, so prevent any caching // by sending an Expires date in the past. HTTP/1.1 clients ignore the // Expires header if a Cache-Control: max-age directive is specified (see // RFC 2616, section 14.9.3). if (!$response->headers->has('Expires')) {
$this->setExpiresNoCache($response);
}
return;
}