Set security headers to response

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

Author: xh3n1

composer.json

@@ -128,6 +128,9 @@
                         "messages": {
                             "Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException": true
                         }
+                    },
+                    "service": {
+                        "view_handler": "my.secure_view_handler"
 
                     }
                 }

config/services.yml

@@ -4,3 +4,11 @@ services:
         public: true
         autowire: true
         tags: ['controller.service_arguments']
+
+    my.secure_handler:
+      class: \PhpList\RestBundle\ViewHandler\SecuredViewHandler
+
+    my.secure_view_handler:
+      parent: fos_rest.view_handler.default
+      calls:
+       - ['registerHandler', [ 'json', ["@my.secure_handler", 'createResponse'] ] ]

src/ViewHandler/SecuredViewHandler.php

@@ -0,0 +1,36 @@
+<?php
+declare(strict_types=1);
+
+namespace PhpList\RestBundle\ViewHandler;
+
+use FOS\RestBundle\View\View;
+use FOS\RestBundle\View\ViewHandler;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * This class is used to add headers to the default response.
+ * @author Xheni Myrtaj <xheni@phplist.com> .
+ */
+class SecuredViewHandler
+{
+
+    /**
+     * @param ViewHandler $viewHandler
+     * @param View        $view
+     * @param Request     $request
+     * @param string      $format
+     *
+     * @return Response
+     */
+    public function createResponse(ViewHandler $handler, View $view, Request $request, $format)
+    {
+        $view->setHeaders([
+            'X-Content-Type-Options' => 'nosniff',
+            'Content-Security-Policy' => "default-src 'none'",
+            'X-Frame-Options' => 'DENY'
+        ]);
+
+        return $handler->createResponse($view, $request, $format);
+    }
+}