---
# Extracted class record for ContentSecurityPolicyHandler: a single mapping
# with the class name, its docblock, the classes it references and one entry
# per method (visibility, parameters, captured docblock).
# Per the docblock the class is @internal and manages the
# Content-Security-Policy header for the WebProfiler Bundle.
# All quoted scalars below are kept exactly as captured.
name: ContentSecurityPolicyHandler
class_comment: '# * Handles Content-Security-Policy HTTP header for the WebProfiler Bundle. # * # * @author Romain Neutron # * # * @internal'

# Classes the record lists as referenced by the handler.
dependencies:
  - name: Request
    type: class
    source: Symfony\Component\HttpFoundation\Request
  - name: Response
    type: class
    source: Symfony\Component\HttpFoundation\Response

# NOTE(review): empty, although the getNonces comment below quotes a
# `$cspDisabled` field and a promoted `$nonceGenerator` constructor argument.
# Looks like an extraction gap; confirm against the PHP source.
properties: []

methods:
  # Returns the nonces used by Twig templates and by the CSP header.
  # NOTE(review): the captured `comment` also contains the class docblock and
  # the start of the class body, apparently extractor spillover.
  # NOTE(review): one documented nonce source is the request itself, which is
  # client-supplied. This record does not show how such a value is validated
  # before reuse; verify that in the PHP source.
  - name: getNonces
    visibility: public
    parameters:
      - name: request
      - name: response
    comment: "# * Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.\n\ # *\n# * @author Romain Neutron \n# *\n# * @internal\n# */\n\ # class ContentSecurityPolicyHandler\n# {\n# private bool $cspDisabled = false;\n\ # \n# public function __construct(\n# private NonceGenerator $nonceGenerator,\n\ # ) {\n# }\n# \n# /**\n# * Returns an array of nonces to be used in Twig templates\ \ and Content-Security-Policy headers.\n# *\n# * Nonce can be provided by;\n#\ \ * - The request - In case HTML content is fetched via AJAX and inserted in\ \ DOM, it must use the same nonce as origin\n# * - The response - A call to\ \ getNonces() has already been done previously. Same nonce are returned\n# * \ \ - They are otherwise randomly generated"

  # Per its docblock this removes every CSP-related header rather than
  # relaxing the policy. Callers are not visible in this record.
  - name: disableCsp
    visibility: public
    parameters: []
    comment: '# * Disables Content-Security-Policy. # * # * All related headers will be removed.'

  # Public entry point that cleans temporary headers, rewrites the CSP headers
  # and returns the nonces the bundle used.
  - name: updateResponseHeaders
    visibility: public
    parameters:
      - name: request
      - name: response
    comment: '# * Cleanup temporary headers and updates Content-Security-Policy headers. # * # * @return array Nonces used by the bundle in Content-Security-Policy header'

  # No docblock was captured for this helper.
  - name: cleanHeaders
    visibility: private
    parameters:
      - name: response
    comment: null

  # No docblock was captured for this helper.
  - name: removeCspHeaders
    visibility: private
    parameters:
      - name: response
    comment: null

  # `nonces` carries a default recorded as the string '[]'.
  - name: updateCspHeaders
    visibility: private
    parameters:
      - name: response
      - name: nonces
        default: '[]'
    comment: '# * Updates Content-Security-Policy headers in a response.'

  # NOTE(review): the docblock only promises a "valid" nonce. How the value is
  # produced is not shown here; presumably it is delegated to the
  # NonceGenerator quoted in the getNonces comment. Confirm that it draws from
  # a cryptographically secure random source.
  - name: generateNonce
    visibility: private
    parameters: []
    comment: '# * Generates a valid Content-Security-Policy nonce.'

  # Serialises a directive set back into a header value.
  - name: generateCspHeader
    visibility: private
    parameters:
      - name: directives
    comment: '# * Converts a directive set array into Content-Security-Policy header.'

  # Inverse of generateCspHeader, per the two docblocks.
  - name: parseDirectives
    visibility: private
    parameters:
      - name: header
    comment: '# * Converts a Content-Security-Policy header value into a directive set array.'

  # NOTE(review): the name says "authorizes" while the docblock says
  # 'unsafe-inline' is "prevented"; check the return polarity in the PHP
  # source before relying on either reading.
  - name: authorizesInline
    visibility: private
    parameters:
      - name: directivesSet
      - name: type
    comment: '# * Detects if the ''unsafe-inline'' is prevented for a directive within the directive set.'

  # No docblock was captured for this helper.
  - name: hasHashOrNonce
    visibility: private
    parameters:
      - name: directives
    comment: null

  # No docblock was captured for this helper.
  - name: getDirectiveFallback
    visibility: private
    parameters:
      - name: directiveSet
      - name: type
    comment: null

  # The docblock names two header variants. Whether
  # Content-Security-Policy-Report-Only is also read is not stated in this
  # record.
  - name: getCspHeaders
    visibility: private
    parameters:
      - name: response
    comment: '# * Retrieves the Content-Security-Policy headers (either X-Content-Security-Policy or Content-Security-Policy) from # * a response.'

# NOTE(review): these are the same two entries listed under `dependencies`,
# where they are typed as classes. They were presumably `use` imports filed
# as traits by the extractor.
traits:
  - Symfony\Component\HttpFoundation\Request
  - Symfony\Component\HttpFoundation\Response
interfaces: []