ContentSecurityPolicyHeader
Evaluates a Content-Security-Policy HTTP header.
should only be used from within TYPO3 Core
Table of Contents
Constants
- HEADER_PATTERN = '#(?<directive>default-src|script-src|style-src|object-src)\h+(?<rule>[^;]+)(?:\s*;\s*|$)#'
Properties
- $directives : array<string|int, ContentSecurityPolicyDirective>
Methods
- __construct() : mixed
- isEmpty() : bool
- mitigatesCrossSiteScripting() : bool
- directiveMitigatesCrossSiteScripting() : bool
Constants
HEADER_PATTERN
protected
mixed
HEADER_PATTERN
= '#(?<directive>default-src|script-src|style-src|object-src)\h+(?<rule>[^;]+)(?:\s*;\s*|$)#'
Properties
$directives
protected
array<string|int, ContentSecurityPolicyDirective>
$directives
= []
Methods
__construct()
public
__construct(string $header) : mixed
Parameters
- $header : string
isEmpty()
public
isEmpty() : bool
Return values
boolmitigatesCrossSiteScripting()
public
mitigatesCrossSiteScripting([string|null $fileName = null ]) : bool
Parameters
- $fileName : string|null = null
Return values
booldirectiveMitigatesCrossSiteScripting()
protected
directiveMitigatesCrossSiteScripting(ContentSecurityPolicyDirective $directive) : bool
Parameters
- $directive : ContentSecurityPolicyDirective