/**
* Parses the header retrieved from the cURL response into
* our Response object.
*
* @param array $headers
*/
protected function setResponseHeaders(array $headers = [])
{
foreach ($headers as $header) {
if (($pos = strpos($header, ':')) !== false) {
$title = substr($header, 0, $pos);
$value = substr($header, $pos + 1);
$this->response->setHeader($title, $value);
} else {
if (substr($header, 0, 4) == 'HTTP') {
preg_match('#^HTTP\\/([12]\\.[01]) ([0-9]+) (.+)#', $header, $matches);
if (isset($matches[1])) {
$this->response->setProtocolVersion($matches[1]);
}
if (isset($matches[2])) {
$this->response->setStatusCode($matches[2], isset($matches[3]) ? $matches[3] : null);
}
}
}
}
}
/**
* Based on the current state of the elements, will add the appropriate
* Content-Security-Policy and Content-Security-Policy-Report-Only headers
* with their values to the response object.
*
* @param ResponseInterface $response
*/
protected function buildHeaders(ResponseInterface &$response)
{
// Ensure both headers are available and arrays...
$response->setHeader('Content-Security-Policy', []);
$response->setHeader('Content-Security-Policy-Report-Only', []);
$directives = ['base-uri' => 'baseURI', 'child-src' => 'childSrc', 'connect-src' => 'connectSrc', 'default-src' => 'defaultSrc', 'font-src' => 'fontSrc', 'form-action' => 'formAction', 'frame-ancestors' => 'frameAncestors', 'img-src' => 'imageSrc', 'media-src' => 'mediaSrc', 'object-src' => 'objectSrc', 'plugin-types' => 'pluginTypes', 'script-src' => 'scriptSrc', 'style-src' => 'styleSrc', 'sandbox' => 'sandbox', 'report-uri' => 'reportURI'];
foreach ($directives as $name => $property) {
// base_uri
if (!empty($this->{$property})) {
$this->addToHeader($name, $this->{$property}, $response);
}
}
}
