+ added runtime setter

+ added to libraries/response doc

Signed-off-by: Christoph Potas <christoph286@googlemail.com>
Christoph Potas 2018-06-04 09:52:58 +02:00
parent ee5926e883
commit 6c81ee1cc6
No known key found for this signature in database
GPG Key ID: D4A4190F8260D7B0
2 changed files with 21 additions and 0 deletions


@ -438,6 +438,26 @@ class ContentSecurityPolicy
return $this;
}
//--------------------------------------------------------------------
/**
* Adds a new valid endpoint for manifest sources. Can be either
* a URI class or simple string.
*
* @see https://www.w3.org/TR/CSP/#directive-manifest-src
*
* @param $uri
* @param bool $reportOnly
*
* @return $this
*/
public function addManifestSrc($uri, bool $reportOnly = false)
{
$this->addOption($uri, 'manifestSrc', $reportOnly);
return $this;
}
//--------------------------------------------------------------------
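Review bot: Nothing visible in this commit confirms that the `'manifestSrc'` key handed to `addOption()` in `addManifestSrc()` is backed by a class property and by a `manifest-src` entry in the code that builds the header; the commit touches only this setter and the user guide. If that mapping is missing elsewhere in the class (outside this hunk), the call would return normally but the directive would never reach the response, so the policy would be weaker than the caller believes with no error to signal it. A test that calls `addManifestSrc('cdn.example.com')` and asserts that the emitted Content-Security-Policy header contains `manifest-src` would pin this down, along with the `$reportOnly = true` case against the report-only header. The docblock line `@param $uri` should also name the accepted type, since the description promises "a URI class or simple string" but the signature leaves `$uri` untyped.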


@ -179,6 +179,7 @@ class holds a number of methods that map pretty clearly to the appropriate heade
$response->CSP->addFrameAncestor('none', $reportOnly);
$response->CSP->addImageSrc('cdn.example.com', $reportOnly);
$response->CSP->addMediaSrc('cdn.example.com', $reportOnly);
$response->CSP->addManifestSrc('cdn.example.com', $reportOnly);
$response->CSP->addObjectSrc('cdn.example.com', $reportOnly);
$response->CSP->addPluginType('application/pdf', $reportOnly);
$response->CSP->addScriptSrc('scripts.example.com', $reportOnly);