Skip to content

Commit

Permalink
Merge pull request codeigniter4#9100 from kenjis/docs-ContentSecurity…
Browse files Browse the repository at this point in the history
…Policy

docs: update PHPDoc in ContentSecurityPolicy
  • Loading branch information
kenjis authored Aug 2, 2024
2 parents 6617533 + 5ba2b78 commit 2b3b8ed
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 10 deletions.
6 changes: 0 additions & 6 deletions phpstan-baseline.php
Original file line number Diff line number Diff line change
Expand Up @@ -5929,12 +5929,6 @@
'count' => 1,
'path' => __DIR__ . '/system/HTTP/ContentSecurityPolicy.php',
];
$ignoreErrors[] = [
// identifier: missingType.iterableValue
'message' => '#^Property CodeIgniter\\\\HTTP\\\\ContentSecurityPolicy\\:\\:\\$validSources type has no value type specified in iterable type array\\.$#',
'count' => 1,
'path' => __DIR__ . '/system/HTTP/ContentSecurityPolicy.php',
];
$ignoreErrors[] = [
// identifier: codeigniter.superglobalAccess
'message' => '#^Accessing offset \'HTTP_USER_AGENT\' directly on \\$_SERVER is discouraged\\.$#',
Expand Down
12 changes: 8 additions & 4 deletions system/HTTP/ContentSecurityPolicy.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ class ContentSecurityPolicy
/**
* CSP directives
*
* @var array<string, string>
* @var array<string, string> [name => property]
*/
protected array $directives = [
'base-uri' => 'baseURI',
Expand Down Expand Up @@ -166,7 +166,8 @@ class ContentSecurityPolicy
protected $sandbox = [];

/**
* Used for security enforcement
* A set of endpoints to which csp violation reports will be sent when
* particular behaviors are prevented.
*
* @var string|null
*/
Expand All @@ -189,7 +190,7 @@ class ContentSecurityPolicy
/**
* Used for security enforcement
*
* @var array
* @var list<string>
*/
protected $validSources = [
'self',
Expand Down Expand Up @@ -242,7 +243,7 @@ class ContentSecurityPolicy

/**
* An array of header info since we have
* to build ourself before passing to Response.
* to build ourselves before passing to Response.
*
* @var array
*/
Expand Down Expand Up @@ -594,6 +595,9 @@ public function addPluginType($mime, ?bool $explicitReporting = null)
*
* @see http://www.w3.org/TR/CSP/#directive-report-uri
*
* @param string $uri URL to send reports. Set `''` if you want to remove
* this directive at runtime.
*
* @return $this
*/
public function setReportURI(string $uri)
Expand Down
13 changes: 13 additions & 0 deletions tests/system/HTTP/ContentSecurityPolicyTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,19 @@ public function testReportURI(): void
$this->assertStringContainsString('report-uri http://example.com/csptracker;', $result);
}

#[PreserveGlobalState(false)]
#[RunInSeparateProcess]
public function testRemoveReportURI(): void
{
$this->prepare();
$this->csp->reportOnly(false);
$this->csp->setReportURI('');
$this->work();

$result = $this->getHeaderEmitted('Content-Security-Policy');
$this->assertStringNotContainsString('report-uri ', $result);
}

#[PreserveGlobalState(false)]
#[RunInSeparateProcess]
public function testSandboxFlags(): void
Expand Down

0 comments on commit 2b3b8ed

Please sign in to comment.