You are here

Home » API reference » X-Frame-Options Configuration 8 » XframeSubscriber.php

class XframeSubscriber in X-Frame-Options Configuration 8

Subscribing an event.

Hierarchy

  • class \Drupal\x_frame_options_configuration\EventSubscriber\XframeSubscriber implements \Symfony\Component\EventDispatcher\EventSubscriberInterface

Expanded class hierarchy of XframeSubscriber

1 string reference to 'XframeSubscriber'
x_frame_options_configuration.services.yml in ./x_frame_options_configuration.services.yml
x_frame_options_configuration.services.yml
1 service uses XframeSubscriber
x_frame_options_configuration.subscriber in ./x_frame_options_configuration.services.yml
Drupal\x_frame_options_configuration\EventSubscriber\XframeSubscriber

File

src/EventSubscriber/XframeSubscriber.php, line 15

Namespace

Drupal\x_frame_options_configuration\EventSubscriber
View source 
class XframeSubscriber implements EventSubscriberInterface {

  /**
   * Drupal's settings manager.
   *
   * @var \Drupal\Core\Config\ConfigFactoryInterface
   */
  protected $config;

  /**
   * XframeSubscriber constructor.
   *
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The factory for configuration objects.
   */
  public function __construct(ConfigFactoryInterface $config_factory) {
    $this->config = $config_factory
      ->get('x_frame_options_configuration.settings');
  }

  /**
   * Executes actions on the respose event.
   *
   * @param \Symfony\Component\HttpKernel\Event\FilterResponseEvent $event
   *   Filter Response Event object.
   */
  public function onKernelResponse(FilterResponseEvent $event) {

    // Add the x-frame-options response header with the configured directive.
    $directive = $this->config
      ->get('x_frame_options_configuration.directive', 0);
    $allow_from_uri = Html::escape($this->config
      ->get('x_frame_options_configuration.allow-from-uri', ''));
    $x_frame_options = Html::escape($directive) . ($directive == 'ALLOW-FROM' ? " " . UrlHelper::stripDangerousProtocols($allow_from_uri) : '');
    $response = $event
      ->getResponse();

    // If option selected is ALLOW-ALL, removes header.
    if ($x_frame_options == 'ALLOW-ALL') {
      $response->headers
        ->remove('X-Frame-Options');
    }
    else {
      $response->headers
        ->set('X-Frame-Options', $x_frame_options);
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {

    // Adds the event in the list of KernelEvents::RESPONSE with priority -10.
    $events[KernelEvents::RESPONSE][] = [
      'onKernelResponse',
      -10,
    ];
    return $events;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
XframeSubscriber::$config protected property Drupal's settings manager.
XframeSubscriber::getSubscribedEvents public static function Returns an array of event names this subscriber wants to listen to.
XframeSubscriber::onKernelResponse public function Executes actions on the respose event.
XframeSubscriber::__construct public function XframeSubscriber constructor.