updateResponseHeaders example

if (!$event->isMainRequest()) {
            return;
        }

        $nonces = [];
        if ($this->cspHandler) {
            if ($this->dumpDataCollector?->getDumpsCount() > 0) {
                $this->cspHandler->disableCsp();
            }

            $nonces = $this->cspHandler->updateResponseHeaders($request$response);
        }

        // do not capture redirects or modify XML HTTP Requests         if ($request->isXmlHttpRequest()) {
            return;
        }

        if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects && 'html' === $request->getRequestFormat()) {
            if ($request->hasSession() && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
                // keep current flashes for one more request if using AutoExpireFlashBag                 $session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
            }
$this->assertSame($expectedNonce$cspHandler->getNonces($request$response));
    }

    /** * @dataProvider provideRequestAndResponsesForOnKernelResponse */
    public function testOnKernelResponse($nonce$expectedNonce, Request $request, Response $response, array $expectedCsp)
    {
        $cspHandler = new ContentSecurityPolicyHandler($this->mockNonceGenerator($nonce));

        $this->assertSame($expectedNonce$cspHandler->updateResponseHeaders($request$response));

        $this->assertFalse($response->headers->has('X-SymfonyProfiler-Script-Nonce'));
        $this->assertFalse($response->headers->has('X-SymfonyProfiler-Style-Nonce'));

        foreach ($expectedCsp as $header => $value) {
            $this->assertSame($value$response->headers->get($header)$header);
        }
    }

    public static function provideRequestAndResponses()
    {
        