src/App/Subscriber/HstsSubscriber.php line 44

Open in your IDE?
  1. <?php
  3. namespace App\Subscriber;
  5. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  6. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  7. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  8. use Symfony\Component\HttpKernel\KernelEvents;
  10. /**
  11.  * Injects HSTS headers for the core domain.
  12.  */
  13. final class HstsSubscriber implements EventSubscriberInterface
  14. {
  15.     public const HSTS_MAX_AGE 30 24 60 60;// 30 days
  17.     /**
  18.      * @var ParameterBagInterface
  19.      */
  20.     protected ParameterBagInterface $params;
  22.     /**
  23.      * @param ParameterBagInterface $params
  24.      */
  25.     public function __construct(ParameterBagInterface $params)
  26.     {
  27.         $this->params $params;
  28.     }
  30.     /**
  31.      *{@inheritDoc}
  32.      */
  33.     public static function getSubscribedEvents(): array
  34.     {
  35.         return [
  36.             KernelEvents::RESPONSE => ['onKernelResponse'PHP_INT_MIN],
  37.         ];
  38.     }
  40.     /**
  41.      * @param ResponseEvent $event
  42.      * @return void
  43.      */
  44.     public function onKernelResponse(ResponseEvent $event): void
  45.     {
  46.         $host $event->getRequest()->getHost();
  47.         if ($event->getRequest()->isSecure() && ($host === $this->params->get('dashboard.hostname') || str_ends_with($host'.' $this->params->get('dashboard.hostname')))) {
  48.             $event->getResponse()->headers->set(
  49.                 'Strict-Transport-Security',
  50.                 sprintf(
  51.                     'max-age=%s',
  52.                     self::HSTS_MAX_AGE,
  53.                 ),
  54.             );
  55.         }
  56.     }
  57. }