NSWDPC\Utilities\ContentSecurityPolicy\Policy
A Content Security Policy policy record
- Author: james.ellis@dpc.nsw.gov.au
Synopsis
class Policy extends DataObject implements PermissionProvider
{
    // constants
    const POLICY_DELIVERY_METHOD_HEADER = 'Header';
    const POLICY_DELIVERY_METHOD_METATAG = 'MetaTag';
    const DEFAULT_REPORTING_GROUP = 'default';
    const DEFAULT_REPORTING_GROUP_NEL = 'network-error-logging';
    const HEADER_CSP_REPORT_ONLY = 'Content-Security-Policy-Report-Only';
    const HEADER_CSP = 'Content-Security-Policy';
    const HEADER_REPORT_TO = 'Report-To';
    const HEADER_NEL = 'NEL';
    const NONCE_INJECT_VIA_REQUIREMENTS = 'requirements';
    const NONCE_INJECT_VIA_MIDDLEWARE = 'middleware';
    // members
    private static string $table_name = 'CspPolicy';
    private static string $singular_name = 'Policy';
    private static string $plural_name = 'Policies';
    private static bool $include_report_to = false;
    private static bool $run_in_modeladmin = false;
    private static array $whitelisted_controllers = ;
    private static bool $include_subdomains = true;
    private static integer $nonce_length = 16;
    private static string $nonce_injection_method = 'requirements';
    private static integer $max_age = 10886400;
    private static boolean $override_apply = false;
    private $merge_from_policy;
    private static array $db = ;
    private static array $defaults = ;
    private static array $summary_fields = ;
    private static array $many_many = ;
    private static array $has_many = ;
    private static string $default_sort = 'IsBasePolicy DESC, Enabled DESC, Title ASC';
    // methods
    public static void getDefaultBasePolicy()
    public static void getPagePolicy()
    public void onAfterWrite()
    public void onBeforeWrite()
    public void DuplicateDirectives()
    public FieldList getCMSFields()
    public void setMergeFromPolicy()
    public void getPolicy()
    private void KeyValue()
    public void HeaderValues()
    public static void parsePolicy()
    public static void getNonceEnabledDirectives()
    public static bool checkCanApply()
    public void canView()
    public void canEdit()
    public void canDelete()
    public void canCreate()
    public void providePermissions()
}
Hierarchy
Extends
- SilverStripe\ORM\DataObject
Implements
- SilverStripe\Security\PermissionProvider
Tasks
Line | Task |
---|---|
651 | this should be renamed to "bypass" or similar |
Constants
Name | Value |
---|---|
POLICY_DELIVERY_METHOD_HEADER | 'Header' |
POLICY_DELIVERY_METHOD_METATAG | 'MetaTag' |
DEFAULT_REPORTING_GROUP | 'default' |
DEFAULT_REPORTING_GROUP_NEL | 'network-error-logging' |
HEADER_CSP_REPORT_ONLY | 'Content-Security-Policy-Report-Only' |
HEADER_CSP | 'Content-Security-Policy' |
HEADER_REPORT_TO | 'Report-To' |
HEADER_NEL | 'NEL' |
NONCE_INJECT_VIA_REQUIREMENTS | 'requirements' |
NONCE_INJECT_VIA_MIDDLEWARE | 'middleware' |
Members
private
- $db — array — Database fields
- $default_sort — string — Default sort ordering
- $defaults — array — Default field values
- $has_many — array — Has_many relationship
- $include_report_to — bool
- $include_subdomains — bool
- $many_many — array — Many_many relationship
- $max_age — int
- $merge_from_policy
- $nonce_injection_method — string
- $nonce_length — int
- $override_apply — boolean — Set to true to override the result of self::checkCanApply()
- $plural_name — string
- $run_in_modeladmin — bool
- $singular_name — string
- $summary_fields — array — Defines summary fields commonly used in table columns as a quick overview of the data for this dataobject
- $table_name — string
- $whitelisted_controllers — array
Methods
private
- KeyValue() — Form the policy line key/value pairings
public
- DuplicateDirectives() — Returns an array of the duplicate directive keys found in the policy
- HeaderValues() — Header values
- canCreate()
- canDelete()
- canEdit()
- canView()
- checkCanApply() — Check if the policy can be applied based on configuration and the state of the current request
- getCMSFields() — CMS Fields
- getDefaultBasePolicy() — Return the default base policy
- getNonceEnabledDirectives()
- getPagePolicy() — Get a page specific policy based on the Page
- getPolicy() — Retrieve the policy in a format for use in the Header or Meta Tag handling
- onAfterWrite() — Handle changes made after write
- onBeforeWrite() — Event handler called before writing to the database.
- parsePolicy() — Given a policy string, parse out the parts into key value pairs
- providePermissions()
- setMergeFromPolicy() — Takes the Policy provided and merges it into this Policy by matching directives. According to MDN, "Adding additional policies can only further restrict the capabilities of the protected resource".
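As an added example of the behaviour described for parsePolicy(), DuplicateDirectives() and setMergeFromPolicy(), not code from the module itself: it assumes the function names parseCspPolicy() and restrictCspPolicy(), and its combine rule (a shared directive keeps only the sources both policies allow) is an illustrative approximation of the MDN "only further restrict" principle, not the module's own merge algorithm.

```php
<?php
// Added example, not the module's own code. parseCspPolicy() splits a policy
// string into directive => sources and flags duplicate directives (a browser
// honours only the first occurrence). restrictCspPolicy() combines two policies
// so a shared directive keeps only sources both allow: an illustrative rule, not
// the module's setMergeFromPolicy(); its default-src fallback is right for fetch
// directives (script-src, img-src, ...) only, and source-less directives such as
// upgrade-insecure-requests are out of scope here.

function parseCspPolicy(string $policy): array
{
    $directives = [];
    $duplicates = [];
    foreach (explode(';', $policy) as $segment) {
        $tokens = preg_split('/\s+/', trim($segment), -1, PREG_SPLIT_NO_EMPTY);
        if ($tokens === []) {
            continue; // empty segment, e.g. a trailing ';'
        }
        $name = strtolower(array_shift($tokens)); // directive names are case-insensitive
        if (isset($directives[$name])) {
            $duplicates[] = $name; // later copies are ignored by the browser
            continue;
        }
        $directives[$name] = $tokens;
    }
    return ['directives' => $directives, 'duplicates' => $duplicates];
}

function restrictCspPolicy(array $base, array $extra): array
{
    $merged = $base;
    foreach ($extra as $name => $sources) {
        $current = $merged[$name] ?? $base['default-src'] ?? null; // effective base rule
        if ($current === null) {
            $merged[$name] = $sources; // the base imposed nothing on this directive
            continue;
        }
        $common = array_values(array_intersect($current, $sources));
        $merged[$name] = $common === [] ? ["'none'"] : $common; // no overlap: deny outright
    }
    return $merged;
}

// constructed sample input: a base policy with a duplicated script-src and a
// page-level policy that must only ever narrow it
$base = parseCspPolicy("default-src 'self'; script-src 'self' https://cdn.example.com; script-src 'none'");
$page = parseCspPolicy("script-src 'self'; img-src 'self' data:");
echo 'duplicate directives: ' . implode(', ', $base['duplicates']) . PHP_EOL;
print_r(restrictCspPolicy($base['directives'], $page['directives']));
```

With the sample above, the duplicate script-src is reported and the combined policy keeps script-src and img-src at 'self', since that is the only source both policies permit for them.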