Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
81.82% |
9 / 11 |
|
33.33% |
1 / 3 |
CRAP | |
0.00% |
0 / 1 |
Csp | |
81.82% |
9 / 11 |
|
33.33% |
1 / 3 |
8.38 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
disablePolicy | |
88.89% |
8 / 9 |
|
0.00% |
0 / 1 |
6.05 | |||
getNonce | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | /** |
4 | * Content Security Policy view helper |
5 | * |
6 | * PHP version 8 |
7 | * |
8 | * Copyright (C) The National Library of Finland 2021. |
9 | * |
10 | * This program is free software; you can redistribute it and/or modify |
11 | * it under the terms of the GNU General Public License version 2, |
12 | * as published by the Free Software Foundation. |
13 | * |
14 | * This program is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17 | * GNU General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU General Public License |
20 | * along with this program; if not, write to the Free Software |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
22 | * |
23 | * @category VuFind |
24 | * @package View_Helpers |
25 | * @author Ere Maijala <ere.maijala@helsinki.fi> |
26 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License |
27 | * @link http://vufind.org/wiki/vufind2:developer_manual Wiki |
28 | */ |
29 | |
30 | namespace VuFind\View\Helper\Root; |
31 | |
32 | use Laminas\Http\Response; |
33 | |
34 | /** |
35 | * Content Security Policy view helper |
36 | * |
37 | * @category VuFind |
38 | * @package View_Helpers |
39 | * @author Ere Maijala <ere.maijala@helsinki.fi> |
40 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License |
41 | * @link http://vufind.org/wiki/vufind2:developer_manual Wiki |
42 | */ |
class Csp extends \Laminas\View\Helper\AbstractHelper
{
    /**
     * Constructor
     *
     * Both arguments are stored as-is in promoted properties; nothing is
     * validated or generated here.
     *
     * @param ?Response $response HTTP Response, if any
     * @param string    $nonce    CSP nonce
     */
    public function __construct(
        protected ?Response $response,
        protected string $nonce
    ) {
    }

    /**
     * Disable Content Security Policy by removing the headers
     *
     * Strips every Content-Security-Policy and
     * Content-Security-Policy-Report-Only header currently set on the
     * response. Does nothing when no response object was injected.
     *
     * Security note: once the enforcing header is gone the browser applies no
     * CSP restrictions to this response, so any script injection flaw in the
     * rendered page is no longer mitigated by the policy. Removing the
     * report-only header also stops violation reporting. Only headers already
     * present at call time are affected.
     * NOTE(review): callers are not visible here -- confirm that this is only
     * reached from templates that genuinely cannot run under the policy.
     *
     * @return void
     */
    public function disablePolicy(): void
    {
        $response = $this->response;
        if ($response === null) {
            return;
        }

        $headerBag = $response->getHeaders();
        $cspFieldNames = ['Content-Security-Policy', 'Content-Security-Policy-Report-Only'];
        foreach ($cspFieldNames as $fieldName) {
            $found = $headerBag->get($fieldName);
            if (!$found) {
                // Nothing registered under this field name.
                continue;
            }

            // A lookup may yield one header object or an ArrayIterator of
            // several. Wrap the single case by hand: an (array) cast is not
            // usable because a lone header may itself be castable to an array.
            if ($found instanceof \ArrayIterator) {
                $matches = $found;
            } else {
                $matches = [$found];
            }

            foreach ($matches as $match) {
                $headerBag->removeHeader($match);
            }
        }
    }

    /**
     * Return the current nonce
     *
     * Result is a base64 encoded string that does not need escaping.
     *
     * NOTE(review): this class accepts any string in the constructor and
     * returns it unchanged, so the "no escaping needed" guarantee depends
     * entirely on whoever builds the helper supplying a base64 value --
     * confirm at the factory. Templates that cannot rely on that should still
     * escape the value for the attribute context.
     *
     * @return string
     */
    public function getNonce(): string
    {
        $currentNonce = $this->nonce;
        return $currentNonce;
    }
}