116 lines
3.3 KiB
YAML
116 lines
3.3 KiB
YAML
|
name: ContentSecurityPolicyHandler
|
||
|
class_comment: '# * Handles Content-Security-Policy HTTP header for the WebProfiler
|
||
|
Bundle.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * @author Romain Neutron <imprec@gmail.com>
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * @internal'
|
||
|
dependencies:
|
||
|
- name: Request
|
||
|
type: class
|
||
|
source: Symfony\Component\HttpFoundation\Request
|
||
|
- name: Response
|
||
|
type: class
|
||
|
source: Symfony\Component\HttpFoundation\Response
|
||
|
properties: []
|
||
|
methods:
|
||
|
- name: getNonces
|
||
|
visibility: public
|
||
|
parameters:
|
||
|
- name: request
|
||
|
- name: response
|
||
|
comment: "# * Handles Content-Security-Policy HTTP header for the WebProfiler Bundle.\n\
|
||
|
# *\n# * @author Romain Neutron <imprec@gmail.com>\n# *\n# * @internal\n# */\n\
|
||
|
# class ContentSecurityPolicyHandler\n# {\n# private bool $cspDisabled = false;\n\
|
||
|
# \n# public function __construct(\n# private NonceGenerator $nonceGenerator,\n\
|
||
|
# ) {\n# }\n# \n# /**\n# * Returns an array of nonces to be used in Twig templates\
|
||
|
\ and Content-Security-Policy headers.\n# *\n# * Nonce can be provided by;\n#\
|
||
|
\ * - The request - In case HTML content is fetched via AJAX and inserted in\
|
||
|
\ DOM, it must use the same nonce as origin\n# * - The response - A call to\
|
||
|
\ getNonces() has already been done previously. Same nonce are returned\n# * \
|
||
|
\ - They are otherwise randomly generated"
|
||
|
- name: disableCsp
|
||
|
visibility: public
|
||
|
parameters: []
|
||
|
comment: '# * Disables Content-Security-Policy.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * All related headers will be removed.'
|
||
|
- name: updateResponseHeaders
|
||
|
visibility: public
|
||
|
parameters:
|
||
|
- name: request
|
||
|
- name: response
|
||
|
comment: '# * Cleanup temporary headers and updates Content-Security-Policy headers.
|
||
|
|
||
|
# *
|
||
|
|
||
|
# * @return array Nonces used by the bundle in Content-Security-Policy header'
|
||
|
- name: cleanHeaders
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: response
|
||
|
comment: null
|
||
|
- name: removeCspHeaders
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: response
|
||
|
comment: null
|
||
|
- name: updateCspHeaders
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: response
|
||
|
- name: nonces
|
||
|
default: '[]'
|
||
|
comment: '# * Updates Content-Security-Policy headers in a response.'
|
||
|
- name: generateNonce
|
||
|
visibility: private
|
||
|
parameters: []
|
||
|
comment: '# * Generates a valid Content-Security-Policy nonce.'
|
||
|
- name: generateCspHeader
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: directives
|
||
|
comment: '# * Converts a directive set array into Content-Security-Policy header.'
|
||
|
- name: parseDirectives
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: header
|
||
|
comment: '# * Converts a Content-Security-Policy header value into a directive set
|
||
|
array.'
|
||
|
- name: authorizesInline
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: directivesSet
|
||
|
- name: type
|
||
|
comment: '# * Detects if the ''unsafe-inline'' is prevented for a directive within
|
||
|
the directive set.'
|
||
|
- name: hasHashOrNonce
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: directives
|
||
|
comment: null
|
||
|
- name: getDirectiveFallback
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: directiveSet
|
||
|
- name: type
|
||
|
comment: null
|
||
|
- name: getCspHeaders
|
||
|
visibility: private
|
||
|
parameters:
|
||
|
- name: response
|
||
|
comment: '# * Retrieves the Content-Security-Policy headers (either X-Content-Security-Policy
|
||
|
or Content-Security-Policy) from
|
||
|
|
||
|
# * a response.'
|
||
|
traits:
|
||
|
- Symfony\Component\HttpFoundation\Request
|
||
|
- Symfony\Component\HttpFoundation\Response
|
||
|
interfaces: []
|