コード例 #1
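 /**
  * Copies the header lines of a cURL response into our Response object.
  *
  * Each element of $headers is one raw header line. A status line
  * ("HTTP/1.1 200 OK", "HTTP/2 200") sets the protocol version and the
  * status code; a "Name: value" line sets one header; any other line is
  * ignored.
  *
  * The lines are produced by the remote server and must be treated as
  * untrusted input: names and values are trimmed so that stray whitespace
  * or a trailing CR left over from line splitting never reaches the
  * Response object.
  *
  * @param array $headers Raw header lines, one per element.
  */
 protected function setResponseHeaders(array $headers = [])
 {
     foreach ($headers as $header) {
         // Check for the status line first. A header field name cannot contain
         // '/', so a line starting with "HTTP/" is never a header, even when
         // its reason phrase contains a colon.
         if (strncmp($header, 'HTTP/', 5) === 0) {
             // The minor version and the reason phrase are both optional so
             // that HTTP/2 status lines ("HTTP/2 200") are recognised too.
             $matched = preg_match(
                 '#^HTTP/([12](?:\.[01])?)\s+([0-9]+)(?:\s+(.*))?$#',
                 rtrim($header),
                 $matches
             );

             if ($matched === 1) {
                 // NOTE(review): assumes setProtocolVersion() accepts a bare
                 // major version such as "2"; confirm against the Response class.
                 $this->response->setProtocolVersion($matches[1]);

                 $reason = isset($matches[3]) && $matches[3] !== '' ? $matches[3] : null;
                 $this->response->setStatusCode($matches[2], $reason);
             }

             continue;
         }

         $pos = strpos($header, ':');

         if ($pos === false) {
             // Neither a status line nor a "Name: value" pair.
             continue;
         }

         // Split on the first colon only; the value may itself contain colons.
         $title = trim(substr($header, 0, $pos));
         $value = trim(substr($header, $pos + 1));

         if ($title === '') {
             // A line that starts with ':' has no usable field name.
             continue;
         }

         $this->response->setHeader($title, $value);
     }
 }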
コード例 #2
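 /**
  * Adds a directive and its options to the appropriate header. The $values
  * array might have options that are geared toward either the regular or the
  * reportOnly header, since it's viable to have both simultaneously.
  *
  * $values may be:
  *  - empty: the bare directive name is appended to the enforced policy;
  *  - a string: a single source for the enforced policy;
  *  - a map of source => reportOnly flag: only a flag that is exactly true
  *    sends the source to the report-only policy;
  *  - a plain list of source strings: all go to the enforced policy.
  *
  * Keyword sources found in $this->validSources and nonce sources are
  * wrapped in single quotes in both headers. Any other value is emitted
  * as given.
  *
  * NOTE(review): values are written into the header without validation, so a
  * value containing ';', whitespace or a line break would change the meaning
  * of the policy. Callers should only pass trusted, fixed values here.
  *
  * NOTE(review): an optional parameter ($values) ahead of a required one is
  * deprecated as of PHP 8.0; the default can never take effect.
  *
  * @param string            $name     Directive name, e.g. 'script-src'.
  * @param array|string|null $values   Sources for the directive (see above).
  * @param ResponseInterface $response Response that receives the headers.
  */
 protected function addToHeader(string $name, $values = null, ResponseInterface &$response)
 {
     if (empty($values)) {
         // It's possible that directives like 'sandbox' will not
         // have any values passed in, so add them to the main policy.
         $response->appendHeader('Content-Security-Policy', $name);

         return;
     }

     if (is_string($values)) {
         $values = [$values => 0];
     }

     // One quoting rule for both headers. The original quoted nonce sources
     // only in the enforced policy, so a report-only nonce was emitted
     // unquoted, which is not a valid nonce source.
     // NOTE(review): assumes $this->validSources is a list of strings.
     $quote = function (string $source): string {
         if (strpos($source, 'nonce-') === 0 || in_array($source, $this->validSources, true)) {
             return "'{$source}'";
         }

         return $source;
     };

     $sources       = [];
     $reportSources = [];

     foreach ($values as $value => $reportOnly) {
         // List-style input (['self', 'example.com']): the source is the
         // element itself and the key is only a numeric index.
         if (is_numeric($value) && is_string($reportOnly) && !empty($reportOnly)) {
             $value      = $reportOnly;
             $reportOnly = 0;
         }

         // Array keys may be integers; cast before the string functions.
         $source = $quote((string) $value);

         if ($reportOnly === true) {
             $reportSources[] = $source;
         } else {
             $sources[] = $source;
         }
     }

     if ($sources !== []) {
         $response->appendHeader('Content-Security-Policy', $name . ' ' . implode(' ', $sources));
     }

     if ($reportSources !== []) {
         $response->appendHeader('Content-Security-Policy-Report-Only', $name . ' ' . implode(' ', $reportSources));
     }
 }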