‪TYPO3CMS  ‪main
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy Class Reference

Public Member Functions

 __construct (SourceCollection|SourceInterface ... $sources)
 
 isEmpty ()
 
 mutate (MutationCollection|Mutation ... $mutations)
 
 default (SourceCollection|SourceInterface ... $sources)
 
 append (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 inherit (Directive $directive, bool $again=false)
 
 extend (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 reduce (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 set (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 remove (Directive $directive)
 
 report (UriValue $reportUri)
 
 has (Directive $directive)
 
 prepare ()
 
 compile (ConsumableNonce $nonce, ?FrontendInterface $cache=null)
 
 containsDirective (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 coversDirective (Directive $directive, SourceCollection|SourceInterface ... $sources)
 
 contains (Policy $other)
 
 covers (Policy $other)
 

Protected Member Functions

 compareSources (SourceInterface $a, SourceInterface $b)
 
 changeDirectiveSources (Directive $directive, SourceCollection $sources)
 
 asMergedSourceCollection (SourceCollection|SourceInterface ... $subjects)
 
 purgeNonApplicableSources (Directive $directive, SourceCollection $collection)
 

Protected Attributes

Map $directives
 

Detailed Description

Representation of the whole Content-Security-Policy see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

This implementation still might be adjusted

Definition at line 30 of file Policy.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::__construct ( SourceCollection|SourceInterface ...  $sources)
Parameters
SourceCollection|SourceInterface‪...$sources (optional) default-src sources

Definition at line 40 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\purgeNonApplicableSources().

Member Function Documentation

◆ append()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::append ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Appends to an existing directive, or a new source collection in case it was empty.

Definition at line 95 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\changeDirectiveSources(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\purgeNonApplicableSources().

◆ asMergedSourceCollection()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::asMergedSourceCollection ( SourceCollection|SourceInterface ...  $subjects)
protected

Definition at line 309 of file Policy.php.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\__construct(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\append(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\containsDirective(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\coversDirective(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\inherit(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\reduce(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\set().

◆ changeDirectiveSources()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::changeDirectiveSources ( Directive  $directive,
SourceCollection  $sources 
)
protected

Definition at line 299 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceCollection\isEmpty().

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\append(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\inherit(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\reduce(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\set().

◆ compareSources()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::compareSources ( SourceInterface  $a,
SourceInterface  $b 
)
protected

Definition at line 293 of file Policy.php.

◆ compile()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::compile ( ConsumableNonce  $nonce,
?FrontendInterface  $cache = null 
)

Compiles this policy and returns the serialized representation to be used as HTTP header value.

Parameters
ConsumableNonce$nonce‪used to substitute SourceKeyword::nonceProxy items during compilation
?FrontendInterface‪$cache to be used for storing compiled CSP aspects (disabled in install tool)

Definition at line 235 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\prepare().

◆ contains()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::contains ( Policy  $other)

Whether the current policy contains another policy (in terms of instances and values, but without inference).

Definition at line 264 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\containsDirective(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\isEmpty().

◆ containsDirective()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::containsDirective ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Definition at line 249 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection().

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\contains().

◆ covers()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::covers ( Policy  $other)

Whether the current policy covers another policy (in terms of CSP inference, considering wildcards and similar).

Definition at line 280 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\coversDirective(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\isEmpty().

◆ coversDirective()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::coversDirective ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Definition at line 255 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection().

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\covers().

◆ default()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::default ( SourceCollection|SourceInterface ...  $sources)

Sets (overrides) the 'default-src' directive, which is also the fall-back for other more specific directives.

Definition at line 87 of file Policy.php.

Referenced by TYPO3\CMS\Install\Controller\ControllerTrait\createContentSecurityPolicy().

◆ extend()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::extend ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Extends a specific directive, either by appending sources or by inheriting from an ancestor directive.

Definition at line 135 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\inherit().

◆ has()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::has ( Directive  $directive)

Definition at line 188 of file Policy.php.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\inherit(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\reduce(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\remove().

◆ inherit()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::inherit ( Directive  $directive,
bool  $again = false 
)

Inherits the current source collection of the closest non-empty ancestor in the chain.

Parameters
bool$again‪whether to inherit again and merge with the existing source collection

Definition at line 114 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\changeDirectiveSources(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\has().

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\extend().

◆ isEmpty()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::isEmpty ( )

Definition at line 51 of file Policy.php.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\contains(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\covers().

◆ mutate()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::mutate ( MutationCollection|Mutation ...  $mutations)

Applies mutations/changes to the current policy.

Definition at line 59 of file Policy.php.

References TYPO3\CMS\Core\Http\Remove.

◆ prepare()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::prepare ( )

Prepares the policy for finally being serialized and issued as HTTP header. This step aims to optimize several combinations, or adjusts directives when 'strict-dynamic' is used.

Definition at line 197 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\$directives.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\compile().

◆ purgeNonApplicableSources()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::purgeNonApplicableSources ( Directive  $directive,
SourceCollection  $collection 
)
protected

Definition at line 323 of file Policy.php.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\__construct(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\append(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\set().

◆ reduce()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::reduce ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Definition at line 140 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\changeDirectiveSources(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\has().

◆ remove()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::remove ( Directive  $directive)

Removes a specific directive.

Definition at line 163 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\has().

◆ report()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::report ( UriValue  $reportUri)

Sets the 'report-uri' directive and appends 'report-sample' to existing & applicable directives.

Definition at line 176 of file Policy.php.

◆ set()

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::set ( Directive  $directive,
SourceCollection|SourceInterface ...  $sources 
)

Sets (overrides) a specific directive.

Definition at line 153 of file Policy.php.

References TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\asMergedSourceCollection(), TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\changeDirectiveSources(), and TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\purgeNonApplicableSources().

Member Data Documentation

◆ $directives

Map TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy::$directives
protected

Definition at line 35 of file Policy.php.

Referenced by TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy\prepare().