SilverStripe CSP headers

CSPBackend extends Requirements_Backend
in package
uses Configurable, CSPBackendTrait

Class Firesphere\CSPHeaders\View\Backend

Table of Contents

Constants

SHA256  = 'sha256'
SHA384  = 'sha384'

Properties

$cssBuilder  : CSSBuilder
$cssSRI  : bool
CSS defaults to false.
$headCSS  : array<string|int, mixed>
CSS to be inserted in to the head
$headJS  : array<string|int, mixed>
JS to be inserted in to the head
$jsBuilder  : JSBuilder
$jsSRI  : bool
JS SRI defaults to true, although it may be problematic CDNs could cause some problems at times.
$useNonce  : bool

Methods

__construct()  : mixed
customCSS()  : void
customScript()  : void
getCssBuilder()  : CSSBuilder
getHeadCSS()  : array<string|int, mixed>
getHeadJS()  : array<string|int, mixed>
getJsBuilder()  : JSBuilder
getTagType()  : string|null
Determine the type of the head tag if it's js or css
includeInHTML()  : string
Copy-paste of the original backend code. There is no way to override this in a more clean way
insertHeadTags()  : void
isCssSRI()  : bool
isJsSRI()  : bool
isUsesNonce()  : bool
javascript()  : void
Register the given JavaScript file as required.
setCssBuilder()  : void
setCssSRI()  : void
setHeadCSS()  : void
setHeadJS()  : void
setJsBuilder()  : void
setJsSRI()  : void
setUsesNonce()  : void
getCSSRequirements()  : array<string|int, mixed>
getHeadTags()  : string
getJSRequirements()  : string
getOptions()  : array<string|int, mixed>
insertContent()  : string
isAsync()  : bool
isDefer()  : bool
shouldContinue()  : bool

Constants

Properties

$cssSRI

CSS defaults to false.

protected static bool $cssSRI

It's causing a lot of trouble with CDNs usually

$headCSS

CSS to be inserted in to the head

protected static array<string|int, mixed> $headCSS = []

$headJS

JS to be inserted in to the head

protected static array<string|int, mixed> $headJS = []

$jsSRI

JS SRI defaults to true, although it may be problematic CDNs could cause some problems at times.

protected static bool $jsSRI

Methods

customCSS()

public customCSS(mixed $script[, null|string $uniquenessID = null ]) : void
Parameters
$script : mixed
$uniquenessID : null|string = null
Tags
inheritDoc

customScript()

public customScript(mixed $script[, mixed $uniquenessID = null ]) : void
Parameters
$script : mixed
$uniquenessID : mixed = null
Tags
inheritDoc

getHeadCSS()

public static getHeadCSS() : array<string|int, mixed>
Return values
array<string|int, mixed>

getHeadJS()

public static getHeadJS() : array<string|int, mixed>
Return values
array<string|int, mixed>

getTagType()

Determine the type of the head tag if it's js or css

public getTagType(string $html) : string|null
Parameters
$html : string
Return values
string|null

includeInHTML()

Copy-paste of the original backend code. There is no way to override this in a more clean way

public includeInHTML(string $content) : string

Update the given HTML content with the appropriate include tags for the registered requirements. Needs to receive a valid HTML/XHTML template in the $content parameter, including a head and body tag.

We need to override the whole method to adjust for SRI in javascript

Parameters
$content : string

HTML content that has already been parsed from the $templateFile through

Tags
throws
ValidationException
Return values
string

HTML content augmented with the requirements tags

insertHeadTags()

public insertHeadTags(string $html[, string|null $uniquenessID = null ]) : void
Parameters
$html : string

Custom HTML code

$uniquenessID : string|null = null

A unique ID that ensures a piece of code is only added once

Tags
inheritDoc

Add the following custom HTML code to the <head> section of the page

isUsesNonce()

public static isUsesNonce() : bool
Return values
bool

javascript()

Register the given JavaScript file as required.

public javascript(string|null $file[, array<string|int, mixed> $options = [] ]) : void
Parameters
$file : string|null

Either relative to docroot or in the form "vendor/package:resource"

$options : array<string|int, mixed> = []

List of options. Available options include:

  • 'provides' : List of scripts files included in this file
  • 'async' : Boolean value to set async attribute to script tag
  • 'defer' : Boolean value to set defer attribute to script tag
  • 'type' : Override script type= value.

setCssSRI()

public static setCssSRI(bool $cssSRI) : void
Parameters
$cssSRI : bool

setHeadCSS()

public static setHeadCSS(array<string|int, mixed> $headCSS) : void
Parameters
$headCSS : array<string|int, mixed>

setHeadJS()

public static setHeadJS(array<string|int, mixed> $headJS) : void
Parameters
$headJS : array<string|int, mixed>

setJsSRI()

public static setJsSRI(bool $jsSRI) : void
Parameters
$jsSRI : bool

setUsesNonce()

public static setUsesNonce(bool $useNonce) : void
Parameters
$useNonce : bool

static::isUseNonce()

getCSSRequirements()

protected getCSSRequirements(array<string|int, mixed> $requirements) : array<string|int, mixed>
Parameters
$requirements : array<string|int, mixed>
Tags
throws
ValidationException
Return values
array<string|int, mixed>

getHeadTags()

protected getHeadTags([array<string|int, mixed> $requirements = [] ]) : string
Parameters
$requirements : array<string|int, mixed> = []
Return values
string

getJSRequirements()

protected getJSRequirements(array<string|int, mixed> $jsRequirements) : string
Parameters
$jsRequirements : array<string|int, mixed>
Tags
throws
ValidationException
Return values
string

getOptions()

protected getOptions(mixed $html) : array<string|int, mixed>
Parameters
$html : mixed
Return values
array<string|int, mixed>

insertContent()

protected insertContent(mixed $content, string $requirements, string $jsRequirements) : string
Parameters
$content : mixed
$requirements : string
$jsRequirements : string
Return values
string

isAsync()

protected isAsync(mixed $file, mixed $options) : bool
Parameters
$file : mixed
$options : mixed
Return values
bool

isDefer()

protected isDefer(mixed $file, mixed $options) : bool
Parameters
$file : mixed
$options : mixed
Return values
bool

shouldContinue()

protected shouldContinue(mixed $content) : bool
Parameters
$content : mixed
Return values
bool 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results