final class ResponseFrameOptions in Commerce Demo 8.2

Sets the 'Content-Security-Policy' header to allow embedding in an iframe.

Hierarchy

  • class \Drupal\commerce_demo\EventSubscriber\ResponseFrameOptions implements \Symfony\Component\EventDispatcher\EventSubscriberInterface

1 string reference to 'ResponseFrameOptions'

  • commerce_demo.services.yml in ./commerce_demo.services.yml

1 service uses ResponseFrameOptions

  • commerce_demo.response_frame_options in ./commerce_demo.services.yml (Drupal\commerce_demo\EventSubscriber\ResponseFrameOptions)

File

src/EventSubscriber/ResponseFrameOptions.php, line 13

Namespace

Drupal\commerce_demo\EventSubscriber
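namespace Drupal\commerce_demo\EventSubscriber;

use Drupal\Core\Render\HtmlResponse;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class ResponseFrameOptions implements EventSubscriberInterface {

  /**
   * Set header 'Content-Security-Policy' to allow embedding in iFrame.
   */
  public function setHeaderContentSecurityPolicy(FilterResponseEvent $event) {
    $response = $event->getResponse();
    // Remove any X-Frame-Options header so it cannot block framing.
    $response->headers->remove('X-Frame-Options');
    // The "*" source lets any origin frame the response. The third argument
    // (FALSE) adds this header without replacing an existing
    // Content-Security-Policy header.
    $response->headers->set('Content-Security-Policy', "frame-ancestors 'self' *", FALSE);
    if ($response instanceof HtmlResponse) {
      // P3P compact policy, sent on HTML responses only.
      $response->headers->set('P3P', 'CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    $events = [];
    // Response: set header content security policy.
    $events[KernelEvents::RESPONSE][] = ['setHeaderContentSecurityPolicy'];
    return $events;
  }

}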
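
The subscriber above sends `frame-ancestors 'self' *`, so every origin may frame the site. The following is an added example, not Commerce Demo code, of building the directive from an explicit allow-list instead; the function name `build_frame_ancestors` and the origins are hypothetical, and rejecting wildcard hosts is a choice made for this example.

```php
<?php

declare(strict_types=1);

/**
 * Builds a frame-ancestors directive from an explicit allow-list.
 *
 * Hypothetical helper for illustration only.
 *
 * @param string[] $origins
 *   Bare https origins (scheme, host, optional port) allowed to embed the site.
 */
function build_frame_ancestors(array $origins): string {
  $sources = ["'self'"];
  foreach ($origins as $origin) {
    // Strict pattern: no wildcards, paths, whitespace or ';', so a configured
    // value can neither widen the policy nor inject a second directive.
    if (!preg_match('#^https://[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?\z#i', $origin)) {
      throw new InvalidArgumentException("Not a bare https origin: $origin");
    }
    $sources[] = strtolower($origin);
  }
  return 'frame-ancestors ' . implode(' ', array_unique($sources));
}

// Constructed sample allow-list.
$allowed = ['https://shop.example.com', 'https://Partner.example.org:8443'];
echo build_frame_ancestors($allowed), PHP_EOL;

// Constructed inputs that must not reach the header.
$rejected = [
  '*',
  'https://*.example.com',
  'https://a.example; script-src *',
  'http://shop.example.com',
];
foreach ($rejected as $bad) {
  try {
    build_frame_ancestors([$bad]);
    echo "accepted: $bad", PHP_EOL;
  }
  catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
  }
}
```

In the subscriber, the returned string would take the place of the literal `"frame-ancestors 'self' *"` passed to `$response->headers->set()`.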

Members

| Name | Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
| ResponseFrameOptions::getSubscribedEvents | public static | function | | |
| ResponseFrameOptions::setHeaderContentSecurityPolicy | public | function | Set header 'Content-Security-Policy' to allow embedding in iFrame. | |