<?php
namespace AppBundle\EventSubscriber;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
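/**
 * Attaches browser security headers (CSP, HSTS, framing/MIME/XSS hardening)
 * to every kernel response.
 *
 * The CSP is assembled from a per-directive source list (see policyDirectives())
 * instead of a single hand-concatenated string. The concatenated version was
 * missing a space between "www.googleadservices.com" and
 * "stats.g.doubleclick.net", so the emitted script-src contained the fused,
 * non-existent host "www.googleadservices.comstats.g.doubleclick.net" and
 * neither origin was actually allowed. Joining with explicit separators makes
 * that class of typo impossible.
 *
 * NOTE(review): FilterResponseEvent is the pre-4.3 Symfony event class; newer
 * kernels dispatch ResponseEvent instead. The signature is left unchanged here
 * because the target Symfony version is not visible in this file.
 */
class CSPSubscriber implements EventSubscriberInterface
{
    /**
     * Sets the security headers on the outgoing response.
     *
     * @param FilterResponseEvent $event the kernel.response event carrying the response
     */
    public function onKernelResponse(FilterResponseEvent $event)
    {
        $response = $event->getResponse();

        $response->headers->set('Content-Security-Policy', self::buildPolicy());

        // 63072000 s = 2 years. Applies to this host only; includeSubDomains /
        // preload are deliberate opt-ins that must be evaluated per deployment.
        $response->headers->set('Strict-Transport-Security', 'max-age=63072000');

        // DENY stops this site from being framed by anyone (clickjacking).
        // This is distinct from the CSP frame-src / child-src directives, which
        // govern what THIS page may embed; the CSP equivalent of this header
        // would be frame-ancestors.
        $response->headers->set('X-Frame-Options', 'DENY');

        // Prevents MIME sniffing of scripts/styles served with a wrong type.
        $response->headers->set('X-Content-Type-Options', 'nosniff');

        // Legacy header for the old reflective-XSS auditors; current browsers
        // ignore it. Retained for older clients, CSP is the real control.
        $response->headers->set('X-XSS-Protection', '1; mode=block');
    }

    /**
     * Subscribes to kernel.response so the headers are added to every response.
     *
     * @return array<string, string> event name => handler method
     */
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::RESPONSE => 'onKernelResponse',
        ];
    }

    /**
     * Serialises the directive map into a Content-Security-Policy header value.
     *
     * Output format is "<directive> <src> <src> ...;" per directive with no
     * separator between directives, which is what the original string produced.
     *
     * @return string the header value
     */
    private static function buildPolicy()
    {
        $parts = [];
        foreach (self::policyDirectives() as $directive => $sources) {
            $parts[] = $directive . ' ' . implode(' ', $sources) . ';';
        }

        return implode('', $parts);
    }

    /**
     * CSP directives, one source expression per array element.
     *
     * NOTE(review): 'unsafe-inline' in default-src and 'unsafe-inline' +
     * 'unsafe-eval' in script-src largely neutralise the XSS protection CSP
     * is meant to provide; moving inline scripts to nonces or hashes would let
     * those keywords be dropped. Also, 'unsafe-inline' is not a valid source
     * expression for font-src or child-src and is ignored by browsers there;
     * both are kept verbatim so the emitted header changes only by the
     * missing-space fix.
     *
     * @return array<string, list<string>> directive name => source expressions
     */
    private static function policyDirectives()
    {
        return [
            'default-src' => ["'self'", "'unsafe-inline'"],
            'script-src' => [
                "'self'", "'unsafe-inline'", "'unsafe-eval'",
                'code.jquery.com',
                'ajax.googleapis.com', 'maps.googleapis.com', 'maps.gstatic.com',
                'www.googletagmanager.com', 'www.google-analytics.com',
                'ssl.google-analytics.com', 'www.googleadservices.com',
                'stats.g.doubleclick.net', 'googleads.g.doubleclick.net',
                'https://www.google.com/recaptcha/', 'https://www.gstatic.com/recaptcha/',
                'c.seznam.cz',
            ],
            'frame-src' => [
                'https://www.google.com/recaptcha/',
                'https://www.google.com/maps/',
                'https://www.rezidencesmichovcity.cz/',
                'https://tour.vrspace.cz/',
                'seznam.cz',
            ],
            'style-src' => [
                "'self'", "'unsafe-inline'",
                'code.jquery.com', 'fonts.googleapis.com', 'c.seznam.cz',
            ],
            'font-src' => ["'self'", "'unsafe-inline'", 'data:', 'fonts.gstatic.com'],
            'child-src' => [
                "'self'", "'unsafe-inline'",
                'www.google.com', 'tour.vrspace.cz', 'www.rezidencesmichovcity.cz',
            ],
            'img-src' => [
                "'self'", 'data:',
                'www.googletagmanager.com', 'www.google-analytics.com',
                'c.imedia.cz', 'c.seznam.cz', 'h.seznam.cz',
                'www.google.com', 'www.google.cz',
                'stats.g.doubleclick.net',
            ],
            'connect-src' => ["'self'", 'www.google-analytics.com', 'stats.g.doubleclick.net'],
        ];
    }
}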