final class ResponseFrameOptions in Commerce Demo 8.2
Sets the 'Content-Security-Policy' header to allow embedding in iFrame.
Hierarchy
- class \Drupal\commerce_demo\EventSubscriber\ResponseFrameOptions implements \Symfony\Component\EventDispatcher\EventSubscriberInterface
1 string reference to 'ResponseFrameOptions'
1 service uses ResponseFrameOptions
File
- src/EventSubscriber/ResponseFrameOptions.php, line 13
Namespace
Drupal\commerce_demo\EventSubscriber
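```php
namespace Drupal\commerce_demo\EventSubscriber;

use Drupal\Core\Render\HtmlResponse;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class ResponseFrameOptions implements EventSubscriberInterface {

  /**
   * Set header 'Content-Security-Policy' to allow embedding in iFrame.
   */
  public function setHeaderContentSecurityPolicy(FilterResponseEvent $event) {
    $response = $event->getResponse();
    // Remove the X-Frame-Options header so it no longer restricts framing.
    $response->headers->remove('X-Frame-Options');
    // 'self' plus the * wildcard lets any origin frame the response.
    // FALSE appends the value instead of replacing an existing header.
    $response->headers->set('Content-Security-Policy', "frame-ancestors 'self' *", FALSE);
    // P3P compact policy, sent for HTML responses only.
    if ($response instanceof HtmlResponse) {
      $response->headers->set('P3P', 'CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    // Response: set header content security policy.
    $events[KernelEvents::RESPONSE][] = [
      'setHeaderContentSecurityPolicy',
    ];
    return $events;
  }

}
```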
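The value set above, `frame-ancestors 'self' *`, lets any origin frame the response. The following is an added example, not Commerce Demo code: stand-alone PHP that detects such a policy and builds the header from an explicit allowlist instead. The function names and the `https://storefront.example` origin are assumptions.

```php
<?php
// Added example, not Commerce Demo code. Function names and origins are hypothetical.

/** Returns TRUE when a Content-Security-Policy value lets any origin frame the page. */
function csp_allows_any_ancestor(string $csp): bool {
  foreach (explode(';', $csp) as $directive) {
    $tokens = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
    if (!$tokens || strtolower($tokens[0]) !== 'frame-ancestors') {
      continue;
    }
    // A bare * or a scheme-only source (https:) matches every origin on that scheme.
    foreach (array_slice($tokens, 1) as $source) {
      if ($source === '*' || preg_match('/^[a-z][a-z0-9+.-]*:\z/i', $source)) {
        return TRUE;
      }
    }
    // Only the first frame-ancestors directive in a policy is honoured.
    return FALSE;
  }
  // No frame-ancestors directive: this policy places no limit on framing.
  return TRUE;
}

/** Builds a frame-ancestors value from 'self' plus exact https origins. */
function build_frame_ancestors(array $origins): string {
  $sources = ["'self'"];
  foreach ($origins as $origin) {
    // Exact https origins only: no wildcards, paths, spaces or semicolons.
    if (!preg_match('/^https:\/\/[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?\z/i', $origin)) {
      throw new InvalidArgumentException("Not an exact https origin: $origin");
    }
    $sources[] = strtolower($origin);
  }
  return 'frame-ancestors ' . implode(' ', array_unique($sources));
}

// Constructed sample values.
$weak = "frame-ancestors 'self' *";  // the literal used by ResponseFrameOptions
$strict = build_frame_ancestors(['https://storefront.example']);

var_dump(csp_allows_any_ancestor($weak));
var_dump(csp_allows_any_ancestor($strict));
echo $strict, PHP_EOL;
```

In a subscriber like the one above, the string returned by `build_frame_ancestors()` would take the place of the literal passed to `$response->headers->set()`.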
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
ResponseFrameOptions::getSubscribedEvents | public static | function | | |
ResponseFrameOptions::setHeaderContentSecurityPolicy | public | function | Set header 'Content-Security-Policy' to allow embedding in iFrame. | |