Directive.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
/**
 * Content-Security-Policy directive names, each backed by the literal token
 * that appears in the policy header.
 *
 * In addition to naming the directives, the enum records three facts about them:
 * the fallback chain of a directive (getAncestors()), whether it is listed as a
 * reasonable target for mutations (isMutationReasonable()) and whether it is
 * listed as stand-alone (isStandAlone()).
 */
enum Directive: string
{
    /**
     * Directives for which isStandAlone() answers true.
     *
     * NOTE(review): presumably these are the directives that are valid without
     * any value - confirm against the callers of isStandAlone().
     */
    private const STAND_ALONE = [
        self::Sandbox,
        self::TrustedTypes,
        self::UpgradeInsecureRequests,
    ];

    case DefaultSrc = 'default-src';
    case BaseUri = 'base-uri';
    case ChildSrc = 'child-src';
    case ConnectSrc = 'connect-src';
    case FontSrc = 'font-src';
    case FormAction = 'form-action';
    case FrameAncestors = 'frame-ancestors';
    case FrameSrc = 'frame-src';
    case ImgSrc = 'img-src';
    case ManifestSrc = 'manifest-src';
    case MediaSrc = 'media-src';
    case ObjectSrc = 'object-src';
    // @deprecated, kept for Safari
    // (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/plugin-types)
    case PluginTypes = 'plugin-types';
    case ReportTo = 'report-to';
    // @deprecated (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri),
    // but `report-uri` is still emitted to stay compatible with older browsers
    case ReportUri = 'report-uri';
    case RequireTrustedTypesFor = 'require-trusted-types-for';
    case Sandbox = 'sandbox';
    case ScriptSrc = 'script-src';
    case ScriptSrcAttr = 'script-src-attr';
    case ScriptSrcElem = 'script-src-elem';
    case StyleSrc = 'style-src';
    case StyleSrcAttr = 'style-src-attr';
    case StyleSrcElem = 'style-src-elem';
    case TrustedTypes = 'trusted-types';
    case UpgradeInsecureRequests = 'upgrade-insecure-requests';
    case WorkerSrc = 'worker-src';

    /**
     * Returns the directives this directive falls back to, nearest ancestor first.
     *
     * Directives that are not part of the fallback map yield an empty list. That
     * covers `default-src` itself, but also `base-uri`, `form-action`,
     * `frame-ancestors`, `sandbox` and the reporting and Trusted Types directives:
     * none of them inherits from `default-src`, so a policy has to state them
     * explicitly if they are meant to be restricted.
     *
     * @return list<self>
     */
    public function getAncestors(): array
    {
        $fallbacks = self::ancestorMap();
        if (isset($fallbacks[$this])) {
            return $fallbacks[$this];
        }
        return [];
    }

    /**
     * Tells whether this directive is one of reasonableMutationItems().
     *
     * The list holds only fetch directives for a concrete resource type and leaves
     * out the broad ones (`default-src`, `script-src`, `style-src`) as well as the
     * `*-attr` variants.
     * NOTE(review): presumably this keeps derived policy changes from widening a
     * directive that other directives fall back to - confirm against the callers.
     */
    public function isMutationReasonable(): bool
    {
        foreach (self::reasonableMutationItems() as $candidate) {
            if ($candidate === $this) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether this directive is listed in self::STAND_ALONE.
     */
    public function isStandAlone(): bool
    {
        foreach (self::STAND_ALONE as $candidate) {
            if ($candidate === $this) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the fallback map: directive => ordered list of ancestors.
     *
     * A fresh map is created on every call. The keys are enum cases, which are
     * objects and can therefore be used as \WeakMap keys.
     *
     * @return \WeakMap<self, list<self>>
     */
    private static function ancestorMap(): \WeakMap
    {
        // the fallback chains that occur, each ending in `default-src`
        $toDefault = [self::DefaultSrc];
        $viaChild = [self::ChildSrc, self::DefaultSrc];
        $viaScript = [self::ScriptSrc, self::DefaultSrc];
        $viaStyle = [self::StyleSrc, self::DefaultSrc];

        $map = new \WeakMap();
        $map[self::ChildSrc] = $toDefault;
        $map[self::ConnectSrc] = $toDefault;
        $map[self::FontSrc] = $toDefault;
        $map[self::FrameSrc] = $viaChild;
        $map[self::ImgSrc] = $toDefault;
        $map[self::ManifestSrc] = $toDefault;
        $map[self::MediaSrc] = $toDefault;
        $map[self::ObjectSrc] = $toDefault;
        $map[self::ScriptSrc] = $toDefault;
        $map[self::ScriptSrcAttr] = $viaScript;
        $map[self::ScriptSrcElem] = $viaScript;
        $map[self::StyleSrc] = $toDefault;
        $map[self::StyleSrcAttr] = $viaStyle;
        $map[self::StyleSrcElem] = $viaStyle;
        // workers have the longest chain: child-src, then script-src, then default-src
        $map[self::WorkerSrc] = [self::ChildSrc, self::ScriptSrc, self::DefaultSrc];
        return $map;
    }

    /**
     * Lists the directives for which isMutationReasonable() answers true.
     *
     * @return list<self>
     */
    private static function reasonableMutationItems(): array
    {
        $items = [
            self::ConnectSrc,
            self::FontSrc,
            self::FrameSrc,
            self::ImgSrc,
            self::MediaSrc,
            self::ScriptSrcElem,
            self::StyleSrcElem,
        ];
        return $items;
    }
}