ContentSecurityPolicyHandler
class ContentSecurityPolicyHandler
Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.
Methods
array
disableCsp()
Disables Content-Security-Policy.
array
updateResponseHeaders(Request $request, Response $response)
Cleans up temporary headers and updates Content-Security-Policy headers.
Details
array
getNonces(Request $request, Response $response)
Returns an array of nonces to be used in Twig templates and Content-Security-Policy headers.
Nonces can be provided by:
- The request - In case HTML content is fetched via AJAX and inserted in the DOM, it must use the same nonce as the origin
- The response - A call to getNonces() has already been done previously. The same nonces are returned
- They are otherwise randomly generated
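The resolution order described above, as an added example that is not Symfony's own code. It models headers as plain arrays so it runs without the framework. The header names, the 32-hex-character nonce format, the format check on incoming nonces, and the minimal policy string are all assumptions of this example.

```php
<?php
// Hypothetical temporary header names (assumption; not taken from the bundle).
const SCRIPT_NONCE_HEADER = 'X-Example-Script-Nonce';
const STYLE_NONCE_HEADER  = 'X-Example-Style-Nonce';

// Accept only nonces in the format this example generates (32 hex characters),
// so a value supplied by the client cannot smuggle extra tokens into the policy.
function isWellFormedNonce($value): bool
{
    return is_string($value) && strlen($value) === 32 && ctype_xdigit($value);
}

// Resolve nonces in the documented order: request, then response, then random.
function resolveNonces(array $requestHeaders, array &$responseHeaders): array
{
    foreach ([$requestHeaders, $responseHeaders] as $headers) {
        $script = $headers[SCRIPT_NONCE_HEADER] ?? null;
        $style  = $headers[STYLE_NONCE_HEADER] ?? null;
        if (isWellFormedNonce($script) && isWellFormedNonce($style)) {
            return ['script' => $script, 'style' => $style];
        }
    }
    $nonces = ['script' => bin2hex(random_bytes(16)), 'style' => bin2hex(random_bytes(16))];
    // Remember the values on the response so a later call returns the same nonces.
    $responseHeaders[SCRIPT_NONCE_HEADER] = $nonces['script'];
    $responseHeaders[STYLE_NONCE_HEADER]  = $nonces['style'];
    return $nonces;
}

// Drop the temporary headers and emit a policy carrying the resolved nonces.
function finalizeResponseHeaders(array &$responseHeaders, array $nonces): void
{
    unset($responseHeaders[SCRIPT_NONCE_HEADER], $responseHeaders[STYLE_NONCE_HEADER]);
    $responseHeaders['Content-Security-Policy'] = sprintf(
        "script-src 'self' 'nonce-%s'; style-src 'self' 'nonce-%s'",
        $nonces['script'],
        $nonces['style']
    );
}

// Constructed sample inputs.
$ajaxRequest = [SCRIPT_NONCE_HEADER => str_repeat('a', 32), STYLE_NONCE_HEADER => str_repeat('b', 32)];
$response = [];
$fromRequest = resolveNonces($ajaxRequest, $response); // nonces of the origin page are reused

$response = [];
$first  = resolveNonces([], $response); // nothing provided: randomly generated
$second = resolveNonces([], $response); // read back from the response
finalizeResponseHeaders($response, $second);
var_dump($fromRequest['script'] === str_repeat('a', 32), $first === $second, $response);
```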