예제 #1
<?php

declare (strict_types=1);
use Airship\Engine\{AutoPilot, State};
use ParagonIE\Cookie\{Cookie, Session};
/**
 * @global State $state
 */
// Start the session
if (!Session::id()) {
    // No session has been started for this request yet: resolve the shared
    // State (creating it if the caller did not), build the session options,
    // then start the session with a strict SameSite cookie.
    $state = $state ?? State::instance();

    // Defaults. use_strict_mode makes PHP reject client-supplied IDs it did
    // not issue; httponly keeps the cookie away from scripts; the secure flag
    // is only set when the current connection is actually HTTPS.
    $session_config = [
        'use_strict_mode' => true,
        'entropy_length' => 32,
        'cookie_httponly' => true,
        'cookie_secure' => AutoPilot::isHTTPSConnection(),
    ];

    $overrides = $state->universal['session_config'] ?? null;
    if ($overrides !== null) {
        // Array union keeps the left operand's keys, so the universal config
        // wins over every default above — including the protective ones.
        $session_config = $overrides + $session_config;

        // A wildcard or blank cookie_domain means "do not restrict the domain";
        // drop the key rather than hand an empty value to session_start().
        $domain = $session_config['cookie_domain'] ?? null;
        if ($domain !== null && ($domain === '*' || \trim($domain) === '')) {
            unset($session_config['cookie_domain']);
        }
    }

    // The entropy_length option no longer exists from PHP 7.1 on; remove it
    // so the newer runtime is not handed an unknown option.
    if (\PHP_VERSION_ID >= 70100) {
        unset($session_config['entropy_length']);
    }

    Session::start(Cookie::SAME_SITE_RESTRICTION_STRICT, $session_config);
}
if (empty($_SESSION['created_canary'])) {
    // We haven't seen this session ID before
    $_SESSION = [];
예제 #2
        if (!empty($cabinPolicy['inherit'])) {
            $basePolicy = \Airship\loadJSON(ROOT . '/config/content_security_policy.json');
            $cabinPolicy = \Airship\csp_merge($cabinPolicy, $basePolicy);
        }
        \Airship\saveJSON($cspCacheFile, $cabinPolicy);
        $csp = CSPBuilder::fromFile($cspCacheFile);
    } else {
        // No cabin policy, use the default
        $csp = CSPBuilder::fromFile(ROOT . '/config/content_security_policy.json');
    }
}
// Publish the Content-Security-Policy builder on the shared State; the
// header itself is presumably emitted later by the response layer — verify
// against the caller.
$state->CSP = $csp;
/**
 * Next, if we're connected over HTTPS, send an HPKP header too:
 */
if (AutoPilot::isHTTPSConnection()) {
    $hpkpCacheFile = ROOT . '/tmp/cache/hpkp.' . AutoPilot::$active_cabin . '.json';
    if (\file_exists($hpkpCacheFile) && \filesize($hpkpCacheFile) > 0) {
        $hpkp = HPKPBuilder::fromFile($hpkpCacheFile);
        $state->HPKP = $hpkp;
    } else {
        $hpkpConfig = $state->cabins[AutoPilot::$cabinIndex]['hpkp'];
        if ($hpkpConfig['enabled'] && \count($hpkpConfig['hashes']) > 1) {
            $hpkp = (new HPKPBuilder())->includeSubdomains($hpkpConfig['include-subdomains'])->maxAge($hpkpConfig['max-age'])->reportOnly($hpkpConfig['report-only'])->reportUri($hpkpConfig['report-uri']);
            foreach ($hpkpConfig['hashes'] as $h) {
                $hpkp->addHash($h['hash'], (string) ($h['algo'] ?? 'sha256'));
            }
            \file_put_contents($hpkpCacheFile, $hpkp->getJSON());
            $state->HPKP = $hpkp;
        } else {
            $state->HPKP = null;
예제 #3
 /**
  * Whether the current request arrived over HTTPS.
  *
  * Thin delegate to AutoPilot::isHTTPSConnection(); the answer is used by
  * callers to decide on transport-dependent behaviour (e.g. secure cookies).
  *
  * @return bool
  */
 protected function isHTTPS() : bool
 {
     $overTls = AutoPilot::isHTTPSConnection();

     return $overTls;
 }