CWP\Core\Control\InitialisationMiddleware
Initialises CWP-specific configuration settings, to avoid _config.php.
Synopsis
class InitialisationMiddleware
implements
HTTPMiddleware
{
- // members
- private static bool $xss_protection_enabled = true;
- private static bool $egress_proxy_default_enabled = true;
- private static array $egress_proxy_exclude_domains = ;
- private static $strict_transport_security = NULL;
- // methods
- public void process()
- protected void configureEgressProxy()
- protected void configureProxyDomainExclusions()
Hierarchy
Uses
- SilverStripe\Core\Config\Configurable
Implements
- SilverStripe\Control\Middleware\HTTPMiddleware
Members
private
- $egress_proxy_default_enabled
—
CWP\Core\Control\bool
Enable egress proxy. This works on the principle of setting http(s)_proxy environment variables, which will be automatically picked up by curl. This means RestfulService and raw curl requests should work out of the box. Stream-based requests need extra manual configuration. - $egress_proxy_exclude_domains
—
array
Configure the list of domains to bypass proxy by setting the NO_PROXY environment variable. - $strict_transport_security
—
string
Provide a value for the HTTP Strict Transport Security header. - $xss_protection_enabled
—
CWP\Core\Control\bool
Disable the automatically added 'X-XSS-Protection' header that is added to all responses. This should be left alone in most circumstances to include the header. Refer to Mozilla Developer Network for more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
Methods
protected
- configureEgressProxy() — If the outbound egress proxy details have been defined in environment variables, configure the proxy variables that are used to configure it.
- configureProxyDomainExclusions() — Configure any domains that should be excluded from egress proxy rules and provide them to the environment