Policy

Representation of the whole Content-Security-Policy; see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Internal

This implementation still might be adjusted

Table of Contents

Properties

$directives  : Map<Directive, SourceCollection>

Methods

__construct()  : mixed
append()  : self
Appends to an existing directive, or a new source collection in case it was empty.
compile()  : string
Compiles this policy and returns the serialized representation to be used as HTTP header value.
contains()  : bool
Whether the current policy contains another policy (in terms of instances and values, but without inference).
containsDirective()  : bool
Determines whether all sources are contained (in terms of instances and values, but without inference).
covers()  : bool
Whether the current policy covers another policy (in terms of CSP inference, considering wildcards and similar).
coversDirective()  : bool
Determines whether all sources are covered (in terms of CSP inference, considering wildcards and similar).
default()  : self
Sets (overrides) the 'default-src' directive, which is also the fall-back for other more specific directives.
extend()  : self
Extends a specific directive, either by appending sources or by inheriting from an ancestor directive.
has()  : bool
inherit()  : self
Inherits the current source collection of the closest non-empty ancestor in the chain.
isEmpty()  : bool
mutate()  : self
Applies mutations/changes to the current policy.
prepare()  : self
Prepares the policy for finally being serialized and issued as HTTP header.
reduce()  : self
remove()  : self
Removes a specific directive.
report()  : self
Sets the 'report-uri' directive and appends 'report-sample' to existing & applicable directives.
set()  : self
Sets (overrides) a specific directive.
asMergedSourceCollection()  : SourceCollection
changeDirectiveSources()  : self
compareSources()  : int
purgeNonApplicableSources()  : SourceCollection

Methods

compile()

Compiles this policy and returns the serialized representation to be used as HTTP header value.

public compile(ConsumableNonce $nonce[, FrontendInterface|null $cache = null ]) : string
Parameters
$nonce : ConsumableNonce

used to substitute SourceKeyword::nonceProxy items during compilation

$cache : FrontendInterface|null = null

to be used for storing compiled CSP aspects (disabled in install tool)

Return values
string

contains()

Whether the current policy contains another policy (in terms of instances and values, but without inference).

public contains(Policy $other) : bool
Parameters
$other : Policy
Return values
bool

covers()

Whether the current policy covers another policy (in terms of CSP inference, considering wildcards and similar).

public covers(Policy $other) : bool
Parameters
$other : Policy
Return values
bool
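
The difference between contains() and covers(), shown as an added example that is not TYPO3 code: a simplified stand-alone model in which a policy is a plain array of directive names to source strings, and a wildcard source covers a concrete host that the policy does not literally contain. The functions policyContains(), splitSource(), sourceCovers() and policyCovers() and the example.org hosts are assumptions made for illustration; only the scheme and "*." host wildcards are modelled (no ports, paths or 'default-src' fallback).

```php
<?php
// Simplified model (not the TYPO3 API): a policy is [directive => list of source strings].
// Literal check: every source of $other appears verbatim in $policy.
function policyContains(array $policy, array $other): bool
{
    foreach ($other as $directive => $sources) {
        if (array_diff($sources, $policy[$directive] ?? []) !== []) {
            return false;
        }
    }
    return true;
}
// Splits "https://host" into [scheme, host]; scheme is null when absent.
function splitSource(string $source): array
{
    $parts = explode('://', $source, 2);
    return count($parts) === 2 ? $parts : [null, $parts[0]];
}
// Inference check for one source expression (hypothetical helper).
function sourceCovers(string $pattern, string $source): bool
{
    if ($pattern === $source) {
        return true;
    }
    if (str_starts_with($pattern, "'") || str_starts_with($source, "'")) {
        return false; // keywords such as 'self' only match themselves
    }
    [$pScheme, $pHost] = splitSource($pattern);
    [$sScheme, $sHost] = splitSource($source);
    // "*.example.org" matches any subdomain, but not "example.org" itself
    $hostOk = str_starts_with($pHost, '*.')
        ? str_ends_with($sHost, substr($pHost, 1))
        : $pHost === $sHost;
    return ($pScheme === null || $pScheme === $sScheme) && $hostOk;
}
// Inference check: every source of $other is matched by some source of $policy.
function policyCovers(array $policy, array $other): bool
{
    foreach ($other as $directive => $sources) {
        foreach ($sources as $source) {
            if (!array_filter($policy[$directive] ?? [], fn ($p) => sourceCovers($p, $source))) {
                return false;
            }
        }
    }
    return true;
}

$site = ['script-src' => ["'self'", 'https://*.example.org']]; // constructed sample
$requested = ['script-src' => ['https://cdn.example.org']];    // constructed sample
var_dump(policyContains($site, $requested), policyCovers($site, $requested));
```

Requires PHP 8.0 or later for str_starts_with() and str_ends_with().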

inherit()

Inherits the current source collection of the closest non-empty ancestor in the chain.

public inherit(Directive $directive[, bool $again = false ]) : self
Parameters
$directive : Directive
$again : bool = false

whether to inherit again and merge with the existing source collection

Return values
self

isEmpty()

public isEmpty() : bool
Return values
bool

prepare()

Prepares the policy for finally being serialized and issued as HTTP header.

public prepare() : self

This step aims to optimize several combinations, or adjusts directives when 'strict-dynamic' is used.

Return values
self

remove()

Removes a specific directive.

public remove(Directive $directive) : self
Parameters
$directive : Directive
Return values
self

report()

Sets the 'report-uri' directive and appends 'report-sample' to existing & applicable directives.

public report(UriValue $reportUri) : self
Parameters
$reportUri : UriValue
Return values
self

        