NSWDPC\Utilities\ContentSecurityPolicy\CSPMiddleware
Apply modifications to the document, e.g add a defined CSP nonce to relevant elements
- Author: james
Synopsis
class CSPMiddleware
implements
HTTPMiddleware
{
- // constants
- const CONTENT_TYPE_HTML = "text/html";
Hierarchy
Implements
- SilverStripe\Control\Middleware\HTTPMiddleware
Constants
Name | Value |
---|---|
CONTENT_TYPE_HTML | "text/html" |
Methods
protected
- applyCSP() — Apply the Content Security Policy changes, if any are required.
- getPolicy() — Return the policy applied, if it can be found, if not or the policy cannot be applied, return false Refer to https://tools.ietf.org/html/rfc7231#section-3.1.1.1 for Content-Type detection Modifications only occur on text/html documents - if a controller returns HTML text but the content-type is not text/html, this will be ignored