yii2-secure-headers
Not Working if Response Component Recreated by Module
Hello,
Thank you for creating this easy to use extension.
My question is:
Is there any reason (security implication or something else) why the headers need to be built in the Application event Application::EVENT_BEFORE_REQUEST?
Why not build them in the Response before send?
I have an issue where I need to change the Response component in modules. In my use case I need a different response class on subdomain modules.
My workaround is to extend the Headers class and attach the header building to Response::class
instead of Application:
Event::on(Response::class, Response::EVENT_BEFORE_SEND, function () {
    // build headers policy
});
This is also useful when I need to dynamically build the CSP depending on the page, like adding a nonce or hash based on the script/CSS on the page.
I also need to change CSP values dynamically. So this would be great!
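One way to do what this thread describes, as an added example (not code from the issue or from yii2-secure-headers): a hypothetical `CspHeaders` component, registered under the assumed id `cspHeaders`, attaches a class-level handler so the CSP is built at send time with a per-request nonce. The policy directives shown are sample values.

```php
<?php
namespace app\components;

use Yii;
use yii\base\BootstrapInterface;
use yii\base\Component;
use yii\base\Event;
use yii\web\Response;

/**
 * Hypothetical component, not part of yii2-secure-headers.
 * Assumed config: 'bootstrap' => ['cspHeaders'],
 *                 'components' => ['cspHeaders' => ['class' => CspHeaders::class]].
 */
class CspHeaders extends Component implements BootstrapInterface
{
    /** @var string|null nonce for the current request, created on first use */
    private $_nonce;

    /** Views call this: <script nonce="<?= Yii::$app->cspHeaders->getNonce() ?>"> */
    public function getNonce(): string
    {
        if ($this->_nonce === null) {
            // 16 bytes from Yii's CSPRNG, base64-encoded as CSP requires
            $this->_nonce = base64_encode(Yii::$app->security->generateRandomKey(16));
        }
        return $this->_nonce;
    }

    public function bootstrap($app)
    {
        // Class-level handler: runs for every yii\web\Response instance,
        // including a subclass that a module installs as its own 'response'.
        Event::on(Response::class, Response::EVENT_BEFORE_SEND, function (Event $event) {
            /** @var Response $response the instance that is actually sending */
            $response = $event->sender;
            $nonce = $this->getNonce(); // same value the views already emitted
            $policy = [
                "default-src 'self'",
                "script-src 'self' 'nonce-{$nonce}'",
                "style-src 'self' 'nonce-{$nonce}'",
                "object-src 'none'",
                "base-uri 'self'",
            ];
            // set() replaces any earlier value, so only one CSP header is sent
            $response->getHeaders()->set('Content-Security-Policy', implode('; ', $policy));
        });
    }
}
```

Because views render before `EVENT_BEFORE_SEND` fires, the nonce in the header matches the one written into the page's `<script>` and `<style>` tags.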