<?php
declare (strict_types=1);

use Airship\Engine\{AutoPilot, State};
use ParagonIE\Cookie\{Cookie, Session};

/**
 * Session bootstrap: starts a session with hardened cookie settings when
 * none is active yet, then resets the data of any session that does not
 * carry the 'created_canary' marker.
 *
 * @global State $state
 */
// Start the session
if (!Session::id()) {
    if (!isset($state)) {
        $state = State::instance();
    }
    // Hardened defaults: strict session-ID mode, an HttpOnly cookie, and the
    // Secure flag whenever AutoPilot reports the request as HTTPS (how that is
    // detected is decided inside AutoPilot and is not visible here).
    $session_config = ['use_strict_mode' => true, 'entropy_length' => 32, 'cookie_httponly' => true, 'cookie_secure' => AutoPilot::isHTTPSConnection()];
    if (isset($state->universal['session_config'])) {
        // Array union: keys present in the universal config win over the
        // defaults above.
        // NOTE(review): this lets configuration turn off use_strict_mode,
        // cookie_httponly or cookie_secure; confirm the config source is
        // trusted, or validate those keys before starting the session.
        $session_config = $state->universal['session_config'] + $session_config;
        if (isset($session_config['cookie_domain'])) {
            // A wildcard or blank domain is dropped, so no cookie_domain
            // option reaches Session::start() in that case.
            if ($session_config['cookie_domain'] === '*' || \trim($session_config['cookie_domain']) === '') {
                unset($session_config['cookie_domain']);
            }
        }
    }
    if (\PHP_VERSION_ID >= 70100) {
        // Forward compatibility: entropy_length is not passed on PHP 7.1 and later.
        unset($session_config['entropy_length']);
    }
    // The session cookie is requested with the Strict SameSite restriction.
    Session::start(Cookie::SAME_SITE_RESTRICTION_STRICT, $session_config);
}

if (empty($_SESSION['created_canary'])) {
    // We haven't seen this session ID before: discard whatever session data
    // came with it before anything else reads from $_SESSION.
    $_SESSION = [];
if (!empty($cabinPolicy['inherit'])) {
    // The cabin policy asks to inherit: merge it with the base policy file.
    // Which side wins on conflicting directives is decided inside csp_merge().
    $basePolicy = \Airship\loadJSON(ROOT . '/config/content_security_policy.json');
    $cabinPolicy = \Airship\csp_merge($cabinPolicy, $basePolicy);
}
// Write the resulting policy to the cache file, then build the CSP from it.
\Airship\saveJSON($cspCacheFile, $cabinPolicy);
$csp = CSPBuilder::fromFile($cspCacheFile);
} else {
    // No cabin policy, use the default
    $csp = CSPBuilder::fromFile(ROOT . '/config/content_security_policy.json');
}
}
$state->CSP = $csp;

/**
 * Next, if we're connected over HTTPS, prepare an HPKP header too. The
 * builder (or null) is stored in $state->HPKP.
 *
 * NOTE(review): HTTP Public Key Pinning has been deprecated and removed from
 * the major browsers; confirm this header is still wanted.
 */
if (AutoPilot::isHTTPSConnection()) {
    // One cache file per active cabin.
    $hpkpCacheFile = ROOT . '/tmp/cache/hpkp.' . AutoPilot::$active_cabin . '.json';
    if (\file_exists($hpkpCacheFile) && \filesize($hpkpCacheFile) > 0) {
        // A non-empty cache file is used as-is, without consulting the cabin
        // configuration again.
        // NOTE(review): the pins therefore depend on the integrity of
        // tmp/cache; verify that only the application can write there and
        // that the cache is cleared when the HPKP configuration changes.
        $hpkp = HPKPBuilder::fromFile($hpkpCacheFile);
        $state->HPKP = $hpkp;
    } else {
        $hpkpConfig = $state->cabins[AutoPilot::$cabinIndex]['hpkp'];
        // Pins are only built when HPKP is enabled and more than one hash is
        // configured (presumably so that a backup pin always exists).
        if ($hpkpConfig['enabled'] && \count($hpkpConfig['hashes']) > 1) {
            $hpkp = (new HPKPBuilder())
                ->includeSubdomains($hpkpConfig['include-subdomains'])
                ->maxAge($hpkpConfig['max-age'])
                ->reportOnly($hpkpConfig['report-only'])
                ->reportUri($hpkpConfig['report-uri']);
            foreach ($hpkpConfig['hashes'] as $h) {
                // The algorithm falls back to sha256 when an entry names none.
                $hpkp->addHash($h['hash'], (string) ($h['algo'] ?? 'sha256'));
            }
            // NOTE(review): the result of file_put_contents() is not checked;
            // a failed write leaves no cache and the policy is rebuilt on the
            // next request.
            \file_put_contents($hpkpCacheFile, $hpkp->getJSON());
            $state->HPKP = $hpkp;
        } else {
            // Disabled, or too few hashes: no HPKP builder is stored.
            $state->HPKP = null;
/**
 * Tell whether the current request is treated as an HTTPS connection.
 *
 * The decision is delegated entirely to AutoPilot::isHTTPSConnection(); this
 * method adds no checks of its own, so any proxy or header handling lives
 * there.
 *
 * @return bool Whatever AutoPilot::isHTTPSConnection() reports.
 */
protected function isHTTPS() : bool
{
    $overHttps = AutoPilot::isHTTPSConnection();

    return $overHttps;
}