http_response_headers.install

<?php

/**
 * @file
 * HTTP Header manipulations install.
 */

use Drupal\http_response_headers\ResponseHeaderInterface;

/**
 * Implements hook_requirements().
 */
function http_response_headers_requirements($phase) {
  $requirements = array();

  if ($phase == 'runtime') {
    $entity_manager = \Drupal::entityTypeManager()->getStorage('response_header');

    // Report response headers that should be configured.
    $strict_transport_security = $entity_manager->load('strict_transport_security');
    $public_key_pins = $entity_manager->load('public_key_pins');
    if (!isset($strict_transport_security) || $strict_transport_security instanceof ResponseHeaderInterface || empty($strict_transport_security->get('value'))) {
      $requirements['response_header_security_policy'] = array(
        'title' => t('Content Security Policy'),
        'value' => t('Not configured'),
        'description' => t("It is highly recommended to set a secure Content Security Policy. A recommended value would be `default-src https: data: \'unsafe-inline\' \'unsafe-eval\'`. See the <a href=':help'>HTTP Response Headers Help page</a> for more information.", array(':help' => '/admin/help/http_response_headers')),
        'severity' => REQUIREMENT_WARNING,
      );
    }
    if (!isset($public_key_pins) || $public_key_pins instanceof ResponseHeaderInterface || empty($public_key_pins->get('value'))) {
      $requirements['response_header_public_key_pins'] = array(
        'title' => t('Public Key Pins'),
        'value' => t('Not configured'),
        'description' => t("It is highly recommended to configure your Public Key Pins. See the <a href=':help'>HTTP Response Headers Help page</a> for more information.", array(':help' => '/admin/help/http_response_headers')),
        'severity' => REQUIREMENT_WARNING,
      );
    }
  }

  return $requirements;

}