PHP Class ParagonIE\CSPBuilder\CSPBuilder

Project: paragonie/csp-builder

Protected Properties

Property Type Description
$supportOldBrowsers boolean

Public Methods

Method Description
__construct ( array $policy = [] )
addDirective ( string $key, mixed $value = null ) : self Add a directive if it doesn't already exist
addSource ( string $directive, string $path ) : self Add a source to the allow-list (whitelist) for a directive
allowPluginType ( string $mime = 'text/plain' ) : self Add a plugin MIME type to be allowed
compile ( ) : string Compile the current policies into a CSP header
disableOldBrowserSupport ( ) : self Disable old browser support (e.g. Safari)
enableOldBrowserSupport ( ) : self Enable old browser support (e.g. Safari)
fromData ( string $data = '' ) : self Factory method - create a new CSPBuilder object from JSON data
fromFile ( string $filename = '' ) : self Factory method - create a new CSPBuilder object from a JSON file
getCompiledHeader ( ) : string Get the formatted CSP header
getHeaderArray ( boolean $legacy = true ) : array Get an associative array of headers to return.
hash ( string $directive = 'script-src', string $script = '', string $algorithm = 'sha384' ) : self Add a new hash to the existing CSP
injectCSPHeader ( Psr\Http\Message\MessageInterface $message, boolean $legacy = false ) : Psr\Http\Message\MessageInterface PSR-7 header injection
nonce ( string $directive = 'script-src', string $nonce = '' ) : string Add a new nonce to the existing CSP
preHash ( string $directive = 'script-src', string $hash = '', string $algorithm = 'sha384' ) : self Add a new (pre-calculated) base64-encoded hash to the existing CSP
saveSnippet ( string $outputFile, string $format = self::FORMAT_NGINX ) : boolean Save CSP to a snippet file
sendCSPHeader ( boolean $legacy = true ) : boolean Send the compiled CSP as a header()
setDirective ( string $key, mixed $value = null ) : self Set a directive

Protected Methods

Method Description
compileSubgroup ( string $directive, mixed $policies = null ) : string Compile a subgroup into a policy string
getHeaderKeys ( boolean $legacy = true ) : array Get an array of header keys to return
isHTTPSConnection ( ) : boolean Is this user currently connected over HTTPS?

Method Details

__construct() public method

public __construct ( array $policy = [] )
$policy array

addDirective() public method

Add a directive if it doesn't already exist. If it already exists, do nothing.
public addDirective ( string $key, mixed $value = null ) : self
$key string
$value mixed
return self

addSource() public method

Add a source to the allow-list (whitelist) for a directive
public addSource ( string $directive, string $path ) : self
$directive string
$path string
return self

allowPluginType() public method

Add a plugin MIME type to be allowed
public allowPluginType ( string $mime = 'text/plain' ) : self
$mime string
return self

compile() public method

Compile the current policies into a CSP header
public compile ( ) : string
return string

compileSubgroup() protected method

Compile a subgroup into a policy string
protected compileSubgroup ( string $directive, mixed $policies = null ) : string
$directive string
$policies mixed
return string

disableOldBrowserSupport() public method

Disable old browser support (e.g. Safari)
public disableOldBrowserSupport ( ) : self
return self

enableOldBrowserSupport() public method

Enable old browser support (e.g. Safari). This is enabled by default.
public enableOldBrowserSupport ( ) : self
return self

fromData() public static method

Factory method - create a new CSPBuilder object from JSON data
public static fromData ( string $data = '' ) : self
$data string
return self

fromFile() public static method

Factory method - create a new CSPBuilder object from a JSON file
public static fromFile ( string $filename = '' ) : self
$filename string
return self

getCompiledHeader() public method

Get the formatted CSP header
public getCompiledHeader ( ) : string
return string

getHeaderArray() public method

Get an associative array of headers to return.
public getHeaderArray ( boolean $legacy = true ) : array
$legacy boolean
return array

getHeaderKeys() protected method

Get an array of header keys to return
protected getHeaderKeys ( boolean $legacy = true ) : array
$legacy boolean
return array

hash() public method

Add a new hash to the existing CSP
public hash ( string $directive = 'script-src', string $script = '', string $algorithm = 'sha384' ) : self
$directive string
$script string
$algorithm string
return self

injectCSPHeader() public method

PSR-7 header injection
public injectCSPHeader ( Psr\Http\Message\MessageInterface $message, boolean $legacy = false ) : Psr\Http\Message\MessageInterface
$message Psr\Http\Message\MessageInterface
$legacy boolean
return Psr\Http\Message\MessageInterface

isHTTPSConnection() protected method

Is this user currently connected over HTTPS?
protected isHTTPSConnection ( ) : boolean
return boolean

nonce() public method

Add a new nonce to the existing CSP
public nonce ( string $directive = 'script-src', string $nonce = '' ) : string
$directive string
$nonce string (if empty, it will be generated)
return string

preHash() public method

Add a new (pre-calculated) base64-encoded hash to the existing CSP
public preHash ( string $directive = 'script-src', string $hash = '', string $algorithm = 'sha384' ) : self
$directive string
$hash string
$algorithm string
return self

saveSnippet() public method

Save CSP to a snippet file
public saveSnippet ( string $outputFile, string $format = self::FORMAT_NGINX ) : boolean
$outputFile string Output file name
$format string Which format are we saving in?
return boolean

sendCSPHeader() public method

Send the compiled CSP as a header()
public sendCSPHeader ( boolean $legacy = true ) : boolean
$legacy boolean Send legacy headers?
return boolean

setDirective() public method

Set a directive
public setDirective ( string $key, mixed $value = null ) : self
$key string
$value mixed
return self

Property Details

$supportOldBrowsers protected property

protected bool $supportOldBrowsers
return boolean