Set custom security-header for the phpinfo page

tvdijen · tvdijen · commit 6caa17dc175e · 2024-04-08T17:28:23.000+02:00
diff --git a/modules/admin/src/Controller/Config.php b/modules/admin/src/Controller/Config.php
@@ -180,7 +180,13 @@ public function phpinfo(/** @scrutinizer ignore-unused */ Request $request): Res
             return $response;
         }
 
-        return new StreamedResponse('phpinfo');
+        $response = new StreamedResponse('phpinfo');
+        $response->headers->set(
+            'Content-Security-Policy',
+            "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self';",
+        );
+
+        return $response;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,13 @@ public function phpinfo(/** @scrutinizer ignore-unused */ Request $request): Res`
`180`	`180`	`return $response;`
`181`	`181`	`}`
`182`	`182`
`183`		`- return new StreamedResponse('phpinfo');`
	`183`	`+ $response = new StreamedResponse('phpinfo');`
	`184`	`+ $response->headers->set(`
	`185`	`+ 'Content-Security-Policy',`
	`186`	`+ "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self';",`
	`187`	`+ );`
	`188`	`+`
	`189`	`+ return $response;`
`184`	`190`	`}`
`185`	`191`
`186`	`192`	`/**`