Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/old/vendor/magento/framework/App/Response/HeaderProvider/ |
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
namespace Magento\Framework\App\Response\HeaderProvider;
use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
use Magento\Framework\HTTP\Header;
class XssProtection extends AbstractHeaderProvider
{
/**
* @var string
*/
protected $headerName = 'X-XSS-Protection';
/** Matches IE 8 browsers */
const IE_8_USER_AGENT = 'MSIE 8';
/** Value for browsers except IE 8 */
const HEADER_ENABLED = '1; mode=block';
/** Value for IE 8 */
const HEADER_DISABLED = '0';
/**
* @var \Magento\Framework\HTTP\Header
*/
private $headerService;
/**
* @param Header $headerService
*/
public function __construct(Header $headerService)
{
$this->headerService = $headerService;
}
/**
* Header value. Must be disabled for IE 8.
*
* @return string
*/
public function getValue()
{
return strpos($this->headerService->getHttpUserAgent(), self::IE_8_USER_AGENT) === false
? self::HEADER_ENABLED
: self::HEADER_DISABLED;
}
}