public function ResponseFrameOptions::setHeaderContentSecurityPolicy in Commerce Demo 8.2
Set header 'Content-Security-Policy' to allow embedding in iFrame.
File
- src/
EventSubscriber/ ResponseFrameOptions.php, line 18
Class
- ResponseFrameOptions
- Sets the 'Content-Security-Policy' header to allow embedding in iFrame.
Namespace
Drupal\commerce_demo\EventSubscriberCode
public function setHeaderContentSecurityPolicy(FilterResponseEvent $event) {
$response = $event
->getResponse();
$response->headers
->remove('X-Frame-Options');
$response->headers
->set('Content-Security-Policy', "frame-ancestors 'self' *", FALSE);
if ($response instanceof HtmlResponse) {
$response->headers
->set('P3P', 'CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');
}
}