api/symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.yaml

116 lines
3.3 KiB
YAML
Raw Normal View History

2024-09-26 09:03:21 +00:00
name: ContentSecurityPolicyHandler
class_comment: '# * Handles Content-Security-Policy HTTP header for the WebProfiler
Bundle.
# *
# * @author Romain Neutron <imprec@gmail.com>
# *
# * @internal'
dependencies:
- name: Request
type: class
source: Symfony\Component\HttpFoundation\Request
- name: Response
type: class
source: Symfony\Component\HttpFoundation\Response
properties: []
methods:
- name: getNonces
visibility: public
parameters:
- name: request
- name: response
comment: "# * Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.\n\
# *\n# * @author Romain Neutron <imprec@gmail.com>\n# *\n# * @internal\n# */\n\
# class ContentSecurityPolicyHandler\n# {\n# private bool $cspDisabled = false;\n\
# \n# public function __construct(\n# private NonceGenerator $nonceGenerator,\n\
# ) {\n# }\n# \n# /**\n# * Returns an array of nonces to be used in Twig templates\
\ and Content-Security-Policy headers.\n# *\n# * Nonce can be provided by;\n#\
\ * - The request - In case HTML content is fetched via AJAX and inserted in\
\ DOM, it must use the same nonce as origin\n# * - The response - A call to\
\ getNonces() has already been done previously. Same nonce are returned\n# * \
\ - They are otherwise randomly generated"
- name: disableCsp
visibility: public
parameters: []
comment: '# * Disables Content-Security-Policy.
# *
# * All related headers will be removed.'
- name: updateResponseHeaders
visibility: public
parameters:
- name: request
- name: response
comment: '# * Cleanup temporary headers and updates Content-Security-Policy headers.
# *
# * @return array Nonces used by the bundle in Content-Security-Policy header'
- name: cleanHeaders
visibility: private
parameters:
- name: response
comment: null
- name: removeCspHeaders
visibility: private
parameters:
- name: response
comment: null
- name: updateCspHeaders
visibility: private
parameters:
- name: response
- name: nonces
default: '[]'
comment: '# * Updates Content-Security-Policy headers in a response.'
- name: generateNonce
visibility: private
parameters: []
comment: '# * Generates a valid Content-Security-Policy nonce.'
- name: generateCspHeader
visibility: private
parameters:
- name: directives
comment: '# * Converts a directive set array into Content-Security-Policy header.'
- name: parseDirectives
visibility: private
parameters:
- name: header
comment: '# * Converts a Content-Security-Policy header value into a directive set
array.'
- name: authorizesInline
visibility: private
parameters:
- name: directivesSet
- name: type
comment: '# * Detects if the ''unsafe-inline'' is prevented for a directive within
the directive set.'
- name: hasHashOrNonce
visibility: private
parameters:
- name: directives
comment: null
- name: getDirectiveFallback
visibility: private
parameters:
- name: directiveSet
- name: type
comment: null
- name: getCspHeaders
visibility: private
parameters:
- name: response
comment: '# * Retrieves the Content-Security-Policy headers (either X-Content-Security-Policy
or Content-Security-Policy) from
# * a response.'
traits:
- Symfony\Component\HttpFoundation\Request
- Symfony\Component\HttpFoundation\Response
interfaces: []