mirror of
https://github.com/codeigniter4/CodeIgniter4.git
synced 2025-02-20 11:44:28 +08:00
Merge pull request #1060 from puschie286/AddManifestToCSP
Added manifest to ContentSecurityPolicy
commit
d128368513
@ -38,6 +38,8 @@ class ContentSecurityPolicy extends BaseConfig
|
||||
public $mediaSrc = null;
|
||||
|
||||
public $objectSrc = null;
|
||||
|
||||
public $manifestSrc = null;
|
||||
|
||||
public $pluginTypes = null;
|
||||
|
||||
|
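Review bot: The new `public $manifestSrc = null;` has no comment saying what `null` means for the emitted policy. If `null` means no `manifest-src` directive is sent, as the neighbouring `null` defaults suggest, browsers apply `default-src` to manifest loads. That is worth stating beside the property, for example `// null: no manifest-src directive is configured; manifest loads are then governed by default-src`. The class continues outside the hunk, so confirm how the header builder treats `null` before adopting that wording.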
@ -140,6 +140,12 @@ class ContentSecurityPolicy
|
||||
* @var array
|
||||
*/
|
||||
protected $styleSrc = [];
|
||||
|
||||
/**
|
||||
* Used for security enforcement
|
||||
* @var array
|
||||
*/
|
||||
protected $manifestSrc = [];
|
||||
|
||||
/**
|
||||
* Used for security enforcement
|
||||
@ -432,6 +438,26 @@ class ContentSecurityPolicy
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Adds a new valid endpoint for manifest sources. Can be either
|
||||
* a URI class or simple string.
|
||||
*
|
||||
* @see https://www.w3.org/TR/CSP/#directive-manifest-src
|
||||
*
|
||||
* @param $uri
|
||||
* @param bool $reportOnly
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
public function addManifestSrc($uri, bool $reportOnly = false)
|
||||
{
|
||||
$this->addOption($uri, 'manifestSrc', $reportOnly);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------
|
||||
|
||||
@ -688,6 +714,7 @@ class ContentSecurityPolicy
|
||||
'plugin-types' => 'pluginTypes',
|
||||
'script-src' => 'scriptSrc',
|
||||
'style-src' => 'styleSrc',
|
||||
'manifest-src' => 'manifestSrc',
|
||||
'sandbox' => 'sandbox',
|
||||
'report-uri' => 'reportURI'
|
||||
];
|
||||
|
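Review bot: The docblock of `addManifestSrc()` declares `@param $uri` with no type, although its description says the argument is a URI object or a string. I would write `@param string $uri Source expression such as a host name or 'self'`, widened to the project's URI class if `addOption()` really accepts one. The new `$manifestSrc` property repeats the generic "Used for security enforcement" text; `Sources allowed by the manifest-src directive.` would say which directive it feeds. `addOption()` is outside this page, so it is not visible whether it rejects `;` or whitespace in the value. Until that is confirmed, the docblock should say callers must pass fixed source expressions, never request-derived data. No test is visible on this page asserting that `manifest-src` reaches the enforced header, or the report-only header when `$reportOnly` is true.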
@ -179,6 +179,7 @@ class holds a number of methods that map pretty clearly to the appropriate heade
|
||||
$response->CSP->addFrameAncestor('none', $reportOnly);
|
||||
$response->CSP->addImageSrc('cdn.example.com', $reportOnly);
|
||||
$response->CSP->addMediaSrc('cdn.example.com', $reportOnly);
|
||||
$response->CSP->addManifestSrc('cdn.example.com', $reportOnly);
|
||||
$response->CSP->addObjectSrc('cdn.example.com', $reportOnly);
|
||||
$response->CSP->addPluginType('application/pdf', $reportOnly);
|
||||
$response->CSP->addScriptSrc('scripts.example.com', $reportOnly);
|
||||
|