From 6c81ee1cc69338cb6f8dcd46e703de778c3eb2a0 Mon Sep 17 00:00:00 2001
From: Christoph Potas
Date: Mon, 4 Jun 2018 09:52:58 +0200
Subject: [PATCH] + added runtime setter + added to libraries/response doc

Signed-off-by: Christoph Potas
---
 system/HTTP/ContentSecurityPolicy.php | 20 ++++++++++++++++++++
 user_guide_src/source/libraries/response.rst | 1 +
 2 files changed, 21 insertions(+)

diff --git a/system/HTTP/ContentSecurityPolicy.php b/system/HTTP/ContentSecurityPolicy.php
index 1d7dd6f14d..33cc6325e8 100644
--- a/system/HTTP/ContentSecurityPolicy.php
+++ b/system/HTTP/ContentSecurityPolicy.php
@@ -438,6 +438,26 @@ class ContentSecurityPolicy

 return $this;
 }
+
+ //--------------------------------------------------------------------
+
+ /**
+ * Adds a new valid endpoint for manifest sources. Can be either
+ * a URI class or simple string.
+ *
+ * @see https://www.w3.org/TR/CSP/#directive-manifest-src
+ *
+ * @param $uri
+ * @param bool $reportOnly
+ *
+ * @return $this
+ */
+ public function addManifestSrc($uri, bool $reportOnly = false)
+ {
+ $this->addOption($uri, 'manifestSrc', $reportOnly);
+
+ return $this;
+ }

 //--------------------------------------------------------------------

diff --git a/user_guide_src/source/libraries/response.rst b/user_guide_src/source/libraries/response.rst
index 7c36a0c6bc..8a53b02e6c 100644
--- a/user_guide_src/source/libraries/response.rst
+++ b/user_guide_src/source/libraries/response.rst
@@ -179,6 +179,7 @@ class holds a number of methods that map pretty clearly to the appropriate heade
 $response->CSP->addFrameAncestor('none', $reportOnly);
 $response->CSP->addImageSrc('cdn.example.com', $reportOnly);
 $response->CSP->addMediaSrc('cdn.example.com', $reportOnly);
+ $response->CSP->addManifestSrc('cdn.example.com', $reportOnly);
 $response->CSP->addObjectSrc('cdn.example.com', $reportOnly);
 $response->CSP->addPluginType('application/pdf', $reportOnly);
 $response->CSP->addScriptSrc('scripts.example.com', $reportOnly);
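Review bot: The `'manifestSrc'` key that `addManifestSrc()` passes to `addOption()` is not backed by anything visible in this commit: all 20 added lines in ContentSecurityPolicy.php belong to this method, so a `$manifestSrc` property and its mapping to the `manifest-src` directive would have to exist already outside the hunk. If they do not, the setter would accept sources without the directive ever reaching the header, and manifest loads would stay governed by `default-src`; please confirm. A test asserting that `manifest-src` appears in the enforced or report-only header, as selected by `$reportOnly`, would catch this. The docblock's `@param $uri` has no type; something like `@param string|URI $uri` would match the description, assuming `URI` is the class meant by "a URI class". The class body continues on both sides of the hunk.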