CSP adds headers to any response that triggers the KernelEvents::RESPONSE event, but Drupal may serve other content types that CSP is not relevant to.
Check the class / content-type of the response, and only add headers when appropriate
Response Classes to skip:
- \Symfony\Component\HttpFoundation\JsonResponse (\Drupal\Core\Ajax\AjaxResponse is a subclass)
- \Drupal\Core\Routing\LocalRedirectResponse
- \Drupal\rest\ResourceResponse, \Drupal\rest\ModifiedResourceResponse
Content Types to add header to:
- HTML
- XML
- SVG
Needs work
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.