author | Mario <mario@mariovavti.com> | 2024-07-06 11:05:22 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2024-07-06 11:05:22 +0000 |
commit | 45275910e606a02b12393714ea3b0409da440d61 (patch) | |
tree | 10b2d173d58cb930f8df28fe75af73dd4974c08c /doc/hook/content_security_policy.bb | |
parent | 0c1d0f7498661fb34dcca6f3c6566e757af310a7 (diff) | |
parent | c04e781926a78e514cdf211fa24930a331149072 (diff) | |
Merge branch '9.2RC'master
Diffstat (limited to 'doc/hook/content_security_policy.bb')
-rw-r--r-- | doc/hook/content_security_policy.bb | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/doc/hook/content_security_policy.bb b/doc/hook/content_security_policy.bb
deleted file mode 100644
index 96b8095ae..000000000
--- a/doc/hook/content_security_policy.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-[h2]content_security_policy[/h2]
-
-Called to modify CSP settings prior to the output of the Content-Security-Policy header.
-
-This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.
-
-[code]
-if(App::$config['system']['content_security_policy']) {
- $cspsettings = Array (
- 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
- 'style-src' => Array ("'self'","'unsafe-inline'")
- );
- call_hooks('content_security_policy',$cspsettings);
-
- // Legitimate CSP directives (cxref: https://content-security-policy.com/)
- $validcspdirectives=Array(
- "default-src", "script-src", "style-src",
- "img-src", "connect-src", "font-src",
- "object-src", "media-src", 'frame-src',
- 'sandbox', 'report-uri', 'child-src',
- 'form-action', 'frame-ancestors', 'plugin-types'
- );
- $cspheader = "Content-Security-Policy:";
- foreach ($cspsettings as $cspdirective => $csp) {
- if (!in_array($cspdirective,$validcspdirectives)) {
- logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
- continue;
- }
- $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
- $cspsetpolicy = implode(' ',$cspsettingsarray);
- if ($cspsetpolicy) {
- $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
- }
- }
- header($cspheader);
-}
-[/code]
-
-see: boot.php |