Example #1
 /**
  * A Content-Security-Policy stored on the child response is returned
  * unchanged by the getter.
  */
 public function testGetCsp()
 {
     $expectedPolicy = new Http\ContentSecurityPolicy();
     // Inline script is switched on only so the fixture carries an explicit,
     // non-default setting through the setter/getter round trip.
     $expectedPolicy->allowInlineScript(true);

     $this->childResponse->setContentSecurityPolicy($expectedPolicy);
     $returnedPolicy = $this->childResponse->getContentSecurityPolicy();

     // NOTE(review): assertEquals compares by value, so this passes whether the
     // response hands back the same instance or an equal copy.
     $this->assertEquals($expectedPolicy, $returnedPolicy);
 }
Example #2
 /**
  * Combines the manager's default Content-Security-Policy with the policy
  * carried by the response and stores the merged result on the response.
  *
  * The default policy may contain modifications injected by other
  * applications. A response without a policy of its own is treated as
  * carrying a fresh ContentSecurityPolicy, so every response leaves this
  * method with a policy set.
  *
  * @param Controller $controller not used by this method
  * @param string $methodName not used by this method
  * @param Response $response the response whose policy is merged and replaced
  * @return Response the same response, now carrying the merged policy
  */
 public function afterController($controller, $methodName, Response $response)
 {
     if (is_null($response->getContentSecurityPolicy())) {
         $responsePolicy = new ContentSecurityPolicy();
     } else {
         $responsePolicy = $response->getContentSecurityPolicy();
     }

     $basePolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();

     // NOTE(review): how mergePolicies resolves conflicting directives is not
     // visible here; confirm that merging cannot loosen the policy beyond what
     // the response or the default is meant to allow.
     $mergedPolicy = $this->contentSecurityPolicyManager->mergePolicies($basePolicy, $responsePolicy);
     $response->setContentSecurityPolicy($mergedPolicy);

     return $response;
 }