From f176329d6c8d21df25fe61ddd86bbb7e521e6594 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Fri, 15 Jul 2016 21:19:27 +0200
Subject: [PATCH] Pull out security header check

---
 Message/Http/Header.php | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/Message/Http/Header.php b/Message/Http/Header.php
index bbc45e8ae..eb173cb4c 100644
--- a/Message/Http/Header.php
+++ b/Message/Http/Header.php
@@ -114,6 +114,26 @@ class Header extends HeaderAbstract
         return array_key_exists($key, $this->header);
     }
 
+    /**
+     * Is security header.
+     *
+     * @param string $key Header key
+     *
+     * @return bool
+     *
+     * @throws \Exception
+     *
+     * @since  1.0.0
+     * @author Dennis Eichhorn <d.eichhorn@oms.com>
+     */
+    private function isSecurityHeader(string $key) : bool
+    {
+        return $key === 'content-security-policy' ||
+            $key === 'x-xss-protection' ||
+            $key === 'x-content-type-options' ||
+            $key === 'x-frame-options';
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -128,10 +148,7 @@ class Header extends HeaderAbstract
         if (!$overwrite && isset($this->header[$key])) {
             return false;
         } elseif ($overwrite && isset($this->header[$key])) {
-            if($key === 'content-security-policy' ||
-                $key === 'x-xss-protection' ||
-                $key === 'x-content-type-options' ||
-                $key === 'x-frame-options') {
+            if ($this->isSecurityHeader($key)) {
                 throw new \Exception('Cannot change security headers.');
             }
 
@@ -202,7 +219,8 @@ class Header extends HeaderAbstract
      * @since  1.0.0
      * @author Dennis Eichhorn <d.eichhorn@oms.com>
      */
-    public static function getStatusCode() : int {
+    public static function getStatusCode() : int
+    {
         return http_response_code();
     }