private function addReportOrEnforceNode($reportOrEnforce)
{
$builder = new TreeBuilder();
$node = $builder->root($reportOrEnforce);
$children = $node->children();
// Symfony should not normalize dashes to underlines, e.g. img-src to img_src
$node->normalizeKeys(false);
$children->booleanNode('level1_fallback')->info('Provides CSP Level 1 fallback when using hash or nonce (CSP level 2) by adding \'unsafe-inline\' source. See https://www.w3.org/TR/CSP2/#directive-script-src and https://www.w3.org/TR/CSP2/#directive-style-src')->defaultValue(true)->end();
$children->arrayNode('browser_adaptive')->canBeEnabled()->info('Do not send directives that browser do not support')->addDefaultsIfNotSet()->children()->scalarNode('parser')->defaultValue('nelmio_security.ua_parser.ua_php')->end()->end()->beforeNormalization()->always(function ($v) {
if (!is_array($v)) {
@trigger_error("browser_adaptive configuration is now an array. Using boolean is deprecated and will not be supported anymore in version 3", E_USER_DEPRECATED);
return array('enabled' => $v, 'parser' => 'nelmio_security.ua_parser.ua_php');
}
return $v;
})->end()->end();
foreach (DirectiveSet::getNames() as $name => $type) {
if (DirectiveSet::TYPE_NO_VALUE === $type) {
$children->booleanNode($name)->defaultFalse()->end();
} elseif ($name === 'report-uri') {
$children->arrayNode($name)->prototype('scalar')->end()->beforeNormalization()->ifString()->then(function ($value) {
return array($value);
})->end()->end();
} elseif (DirectiveSet::TYPE_URI_REFERENCE === $type) {
$children->scalarNode($name)->end();
} else {
$children->arrayNode($name)->prototype('scalar')->end();
}
}
return $children->end();
}
private function addReportOrEnforceNode($reportOrEnforce)
{
$builder = new TreeBuilder();
$node = $builder->root($reportOrEnforce);
$children = $node->children();
// Symfony should not normalize dashes to underlines, e.g. img-src to img_src
$node->normalizeKeys(false);
foreach (DirectiveSet::getNames() as $name) {
$children->arrayNode($name)->prototype('scalar')->end();
}
return $children->end();
}
public static function fromConfig(array $config)
{
if (array_key_exists('report', $config) || array_key_exists('enforce', $config)) {
$enforce = DirectiveSet::fromConfig($config, 'enforce');
$report = DirectiveSet::fromConfig($config, 'report');
} else {
// legacy config
$directiveSet = DirectiveSet::fromLegacyConfig($config);
if (!!$config['report_only']) {
$enforce = new DirectiveSet();
$report = $directiveSet;
} else {
$enforce = $directiveSet;
$report = new DirectiveSet();
}
}
return new self($report, $enforce, !!$config['compat_headers'], $config['hosts']);
}
private function buildHeaders(Request $request, DirectiveSet $directiveSet, $reportOnly, $compatHeaders, array $signatures = null)
{
// $signatures might be null if no KernelEvents::REQUEST has been triggered.
// for instance if a security.authentication.failure has been dispatched
$headerValue = $directiveSet->buildHeaderValue($request, $signatures);
if (!$headerValue) {
return array();
}
$hn = function ($name) use($reportOnly) {
return $name . ($reportOnly ? '-Report-Only' : '');
};
$headers = array($hn('Content-Security-Policy') => $headerValue);
if ($compatHeaders) {
$headers[$hn('X-Content-Security-Policy')] = $headerValue;
}
return $headers;
}
protected function buildSimpleListener(array $directives, $reportOnly = false, $compatHeaders = true, $contentTypes = array())
{
$directiveSet = new DirectiveSet();
$directiveSet->setDirectives($directives);
if ($reportOnly) {
return new ContentSecurityPolicyListener($directiveSet, new DirectiveSet(), $compatHeaders, $contentTypes);
} else {
return new ContentSecurityPolicyListener(new DirectiveSet(), $directiveSet, $compatHeaders, $contentTypes);
}
}
/**
* @dataProvider provideConfigAndSignatures
*/
public function testBuildHeaderValueWithInlineSignatures($expected, $config, $signatures)
{
$directive = DirectiveSet::fromConfig(new PolicyManager(), $config, 'enforce');
$this->assertSame($expected, $directive->buildHeaderValue(new Request(), $signatures));
}
protected function buildSimpleListener(array $directives, $reportOnly = false, $compatHeaders = true, $contentTypes = array())
{
$directiveSet = new DirectiveSet(new PolicyManager());
$directiveSet->setDirectives($directives);
if ($reportOnly) {
return new ContentSecurityPolicyListener($directiveSet, new DirectiveSet(new PolicyManager()), $this->nonceGenerator, $this->shaComputer, $compatHeaders, $contentTypes);
} else {
return new ContentSecurityPolicyListener(new DirectiveSet(new PolicyManager()), $directiveSet, $this->nonceGenerator, $this->shaComputer, $compatHeaders, $contentTypes);
}
}