LeKoala\DeferBackend\CspProvider
A dead simple CSP provider
Based on the concept here
Synopsis
class CspProvider implements TemplateGlobalProvider
{
    // members
    private static string $default_referrer_policy = "no-referrer-when-downgrade";
    private static bool $enable_hsts = true;
    private static string $hsts_header = 'max-age=300; includeSubDomains; preload; always;';
    private static bool $enable_cst = false;
    private static $csp_report_uri = NULL;
    private static bool $csp_report_only = true;
    protected static $csp_nonce = NULL;
    // methods
    public static array get_template_global_variables()
    public static string getCspNonce()
    public static HTTPResponse addSecurityHeaders()
    public static HTTPResponse addCspHeaders()
}
Hierarchy
Uses
- SilverStripe\Core\Config\Configurable
Implements
- SilverStripe\View\TemplateGlobalProvider
Members
private
- $csp_report_only — bool
- $csp_report_uri — string
- $default_referrer_policy — string
- $enable_cst — bool
- $enable_hsts — bool
- $hsts_header — string
protected
- $csp_nonce — string
Methods
public
- addCspHeaders() — Add CSP to the response using a flexible strict-dynamic approach
- addSecurityHeaders()
- getCspNonce()
- get_template_global_variables() — Allows calling getCspNonce in the template for script inclusion