/**
 * Builds the configuration subtree for one CSP policy ("report" or "enforce").
 *
 * Besides one node per CSP directive it declares the `level1_fallback` switch
 * and the `browser_adaptive` block. Key normalisation is disabled on the root
 * so directive names such as "img-src" keep their dashes.
 *
 * @param string $reportOrEnforce name of the root node ('report' or 'enforce')
 *
 * @return \Symfony\Component\Config\Definition\Builder\NodeDefinition the node the children hang off (result of `$children->end()`)
 */
private function addReportOrEnforceNode($reportOrEnforce)
{
    $builder = new TreeBuilder();
    $root = $builder->root($reportOrEnforce);
    // Symfony should not normalize dashes to underlines, e.g. img-src to img_src
    $root->normalizeKeys(false);
    $children = $root->children();

    // Defaults to true: per the info text this adds 'unsafe-inline' next to hash/nonce
    // sources, i.e. it deliberately relaxes the policy for CSP Level 1 browsers.
    $fallback = $children->booleanNode('level1_fallback');
    $fallback->info('Provides CSP Level 1 fallback when using hash or nonce (CSP level 2) by adding \'unsafe-inline\' source. See https://www.w3.org/TR/CSP2/#directive-script-src and https://www.w3.org/TR/CSP2/#directive-style-src');
    $fallback->defaultValue(true);
    $fallback->end();

    // Older configs passed a plain boolean; it is upgraded to the array shape
    // with the default parser and a deprecation is emitted.
    $legacyBooleanToArray = function ($v) {
        if (is_array($v)) {
            return $v;
        }
        @trigger_error("browser_adaptive configuration is now an array. Using boolean is deprecated and will not be supported anymore in version 3", E_USER_DEPRECATED);

        return array('enabled' => $v, 'parser' => 'nelmio_security.ua_parser.ua_php');
    };
    $browserAdaptive = $children->arrayNode('browser_adaptive');
    $browserAdaptive->canBeEnabled();
    $browserAdaptive->info('Do not send directives that browser do not support');
    $browserAdaptive->addDefaultsIfNotSet();
    $browserAdaptive->children()
        ->scalarNode('parser')->defaultValue('nelmio_security.ua_parser.ua_php')->end()
    ->end();
    // Registered after canBeEnabled() on purpose: normalizer order follows call order.
    $browserAdaptive->beforeNormalization()->always($legacyBooleanToArray)->end();
    $browserAdaptive->end();

    $wrapInList = function ($value) {
        return array($value);
    };
    foreach (DirectiveSet::getNames() as $name => $type) {
        if (DirectiveSet::TYPE_NO_VALUE === $type) {
            // flag-style directives (no source list), off unless explicitly enabled
            $children->booleanNode($name)->defaultFalse()->end();
            continue;
        }
        if ('report-uri' === $name) {
            // a single string is accepted and promoted to a one-element list
            $reportUri = $children->arrayNode($name);
            $reportUri->prototype('scalar')->end();
            $reportUri->beforeNormalization()->ifString()->then($wrapInList)->end();
            $reportUri->end();
            continue;
        }
        if (DirectiveSet::TYPE_URI_REFERENCE === $type) {
            $children->scalarNode($name)->end();
            continue;
        }
        // default: a list of scalar sources
        $children->arrayNode($name)->prototype('scalar')->end();
    }

    return $children->end();
}
/**
 * Builds the configuration subtree for one CSP policy ("report" or "enforce"):
 * one list-of-scalars node per directive name, with key normalisation disabled
 * so "img-src" is not rewritten to "img_src".
 *
 * @param string $reportOrEnforce name of the root node
 *
 * @return \Symfony\Component\Config\Definition\Builder\NodeDefinition the node the children hang off (result of `$children->end()`)
 */
private function addReportOrEnforceNode($reportOrEnforce)
{
    $builder = new TreeBuilder();
    $root = $builder->root($reportOrEnforce);
    // Symfony should not normalize dashes to underlines, e.g. img-src to img_src
    $root->normalizeKeys(false);
    $children = $root->children();

    foreach (DirectiveSet::getNames() as $directive) {
        $sources = $children->arrayNode($directive);
        $sources->prototype('scalar')->end();
    }

    return $children->end();
}
/**
 * Creates an instance from the resolved bundle configuration.
 *
 * Two shapes are accepted: the current one with "report" and/or "enforce"
 * policy blocks, and the legacy flat one where the "report_only" flag decides
 * whether the single directive set is reported or enforced. The policy that is
 * not configured gets an empty DirectiveSet.
 *
 * @param array $config resolved configuration; keys read: report, enforce,
 *                      report_only (legacy shape only), compat_headers, hosts
 *
 * @return self
 */
public static function fromConfig(array $config)
{
    $hasPolicyBlocks = array_key_exists('report', $config) || array_key_exists('enforce', $config);

    if ($hasPolicyBlocks) {
        $enforce = DirectiveSet::fromConfig($config, 'enforce');
        $report = DirectiveSet::fromConfig($config, 'report');
    } else {
        // legacy config: a single directive set, routed by the report_only flag
        $legacySet = DirectiveSet::fromLegacyConfig($config);
        $reportOnly = (bool) $config['report_only'];
        $report = $reportOnly ? $legacySet : new DirectiveSet();
        $enforce = $reportOnly ? new DirectiveSet() : $legacySet;
    }

    return new self($report, $enforce, (bool) $config['compat_headers'], $config['hosts']);
}
/**
 * Builds the CSP response header(s) for one policy.
 *
 * @param Request      $request
 * @param DirectiveSet $directiveSet  policy to serialise
 * @param bool         $reportOnly    true selects the "-Report-Only" header names
 * @param bool         $compatHeaders also emit the prefixed X-Content-Security-Policy header with the same value
 * @param array|null   $signatures    inline signatures collected for this request, or null
 *
 * @return array header name => header value; empty when the directive set yields no value
 */
private function buildHeaders(Request $request, DirectiveSet $directiveSet, $reportOnly, $compatHeaders, array $signatures = null)
{
    // $signatures might be null if no KernelEvents::REQUEST has been triggered,
    // for instance if a security.authentication.failure has been dispatched
    $value = $directiveSet->buildHeaderValue($request, $signatures);
    if (!$value) {
        return array();
    }

    $suffix = $reportOnly ? '-Report-Only' : '';
    $headers = array('Content-Security-Policy' . $suffix => $value);
    if ($compatHeaders) {
        // legacy prefixed header name, carrying the identical policy value
        $headers['X-Content-Security-Policy' . $suffix] = $value;
    }

    return $headers;
}
/**
 * Builds a listener holding a single configured directive set, placed in
 * either the report-only or the enforced policy; the other policy is empty.
 *
 * @param array $directives    directive name => value map given to DirectiveSet::setDirectives()
 * @param bool  $reportOnly    true puts the directives in the report-only policy
 * @param bool  $compatHeaders forwarded to the listener
 * @param array $contentTypes  forwarded to the listener
 *
 * @return ContentSecurityPolicyListener
 */
protected function buildSimpleListener(array $directives, $reportOnly = false, $compatHeaders = true, $contentTypes = array())
{
    $configured = new DirectiveSet();
    $configured->setDirectives($directives);
    $empty = new DirectiveSet();

    $report = $reportOnly ? $configured : $empty;
    $enforce = $reportOnly ? $empty : $configured;

    return new ContentSecurityPolicyListener($report, $enforce, $compatHeaders, $contentTypes);
}
/**
 * Checks the serialised "enforce" header value for a config plus a set of
 * inline signatures.
 *
 * @dataProvider provideConfigAndSignatures
 *
 * @param string $expected   expected header value
 * @param array  $config     bundle config read by DirectiveSet::fromConfig() for the 'enforce' policy
 * @param mixed  $signatures passed as the second argument of buildHeaderValue()
 */
public function testBuildHeaderValueWithInlineSignatures($expected, $config, $signatures)
{
    $enforced = DirectiveSet::fromConfig(new PolicyManager(), $config, 'enforce');
    $actual = $enforced->buildHeaderValue(new Request(), $signatures);

    $this->assertSame($expected, $actual);
}
/**
 * Builds a listener holding a single configured directive set, placed in
 * either the report-only or the enforced policy; the other policy is empty.
 * The nonce generator and SHA computer come from the test case instance.
 *
 * @param array $directives    directive name => value map given to DirectiveSet::setDirectives()
 * @param bool  $reportOnly    true puts the directives in the report-only policy
 * @param bool  $compatHeaders forwarded to the listener
 * @param array $contentTypes  forwarded to the listener
 *
 * @return ContentSecurityPolicyListener
 */
protected function buildSimpleListener(array $directives, $reportOnly = false, $compatHeaders = true, $contentTypes = array())
{
    $configured = new DirectiveSet(new PolicyManager());
    $configured->setDirectives($directives);
    $empty = new DirectiveSet(new PolicyManager());

    $report = $reportOnly ? $configured : $empty;
    $enforce = $reportOnly ? $empty : $configured;

    return new ContentSecurityPolicyListener(
        $report,
        $enforce,
        $this->nonceGenerator,
        $this->shaComputer,
        $compatHeaders,
        $contentTypes
    );
}