|
public buildHeaderValue ( |
||
| $request | ||
| $signatures | array | |
private function buildHeaders(DirectiveSet $directiveSet, $reportOnly, $compatHeaders)
{
$headerValue = $directiveSet->buildHeaderValue();
if (!$headerValue) {
return array();
}
$hn = function ($name) use($reportOnly) {
return $name . ($reportOnly ? '-Report-Only' : '');
};
$headers = array($hn('Content-Security-Policy') => $headerValue);
if ($compatHeaders) {
$headers[$hn('X-Content-Security-Policy')] = $headerValue;
}
return $headers;
}
private function buildHeaders(Request $request, DirectiveSet $directiveSet, $reportOnly, $compatHeaders, array $signatures = null)
{
// $signatures might be null if no KernelEvents::REQUEST has been triggered.
// for instance if a security.authentication.failure has been dispatched
$headerValue = $directiveSet->buildHeaderValue($request, $signatures);
if (!$headerValue) {
return array();
}
$hn = function ($name) use($reportOnly) {
return $name . ($reportOnly ? '-Report-Only' : '');
};
$headers = array($hn('Content-Security-Policy') => $headerValue);
if ($compatHeaders) {
$headers[$hn('X-Content-Security-Policy')] = $headerValue;
}
return $headers;
}
public function testDirectiveSetUnset()
{
$directiveSet = new DirectiveSet();
$directiveSet->setDirectives(array('default-src' => 'foo'));
$this->assertEquals('default-src foo', $directiveSet->buildHeaderValue());
$directiveSet->setDirective('default-src', '');
$this->assertEquals('', $directiveSet->buildHeaderValue());
}
