‪TYPO3CMS  ‪main
SourceKeyword.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Security\ContentSecurityPolicy;
19 
24 enum ‪SourceKeyword: string implements ‪SourceInterface
25 {
26  case none = 'none';
27  case self = 'self';
28  case unsafeInline = 'unsafe-inline';
29  case unsafeEval = 'unsafe-eval';
30  // see https://www.w3.org/TR/CSP3/#unsafe-hashes-usage
31  case unsafeHashes = 'unsafe-hashes';
32  case wasmUnsafeEval = 'wasm-unsafe-eval';
33  case reportSample = 'report-sample';
34  case strictDynamic = 'strict-dynamic';
35  // nonce proxy is substituted when compiling the whole policy
36  // (this value does NOT exist in the CSP definition, it's specific to TYPO3 only)
37  case nonceProxy = 'nonce-proxy';
38 
39  public function ‪vetoes(): bool
40  {
41  return $this === self::none;
42  }
43 
44  public function isApplicable(‪Directive $directive): bool
45  {
46  // temporary, internal \WeakMap
47  $onlyApplicableTo = new \WeakMap();
48  $onlyApplicableTo[self::reportSample] = [
49  Directive::ScriptSrc, Directive::ScriptSrcAttr, Directive::ScriptSrcElem,
50  Directive::StyleSrc, Directive::StyleSrcAttr, Directive::StyleSrcElem,
51  ];
52  $onlyApplicableTo[self::strictDynamic] = [
53  Directive::ScriptSrc, Directive::ScriptSrcAttr, Directive::ScriptSrcElem,
54  ];
55  return !isset($onlyApplicableTo[$this]) || in_array($directive, $onlyApplicableTo[$this], true);
56  }
57 
58  public function applySourceImplications(‪SourceCollection $sources): ?‪SourceCollection
59  {
60  // apply implications for `'strict-dynamic'`
61  if ($this === self::strictDynamic) {
62  // add nonce-proxy in case it's not defined
63  if (!$sources->‪contains(self::nonceProxy)) {
64  return $sources->‪with(self::nonceProxy);
65  }
66  }
67  return null;
68  }
69 }
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive
‪Directive
Definition: Directive.php:25
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceCollection
Definition: SourceCollection.php:27
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\vetoes
‪@ vetoes
Definition: SourceKeyword.php:39
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceInterface
Definition: SourceInterface.php:27
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceCollection\contains
‪contains(SourceInterface ... $subjects)
Definition: SourceCollection.php:102
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy
Definition: ConsumableNonce.php:18
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceKeyword
‪SourceKeyword
Definition: SourceKeyword.php:25
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceCollection\with
‪with(SourceInterface ... $subjects)
Definition: SourceCollection.php:53