Aplus Framework HTTP Library

CSP
implements Stringable

Class CSP.

Tags
see https://content-security-policy.com/
see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Interfaces, Classes, Traits and Enums

Stringable

Table of Contents

baseUri  = 'base-uri'
Restricts the URLs which can be used in a document's `<base>` element.
childSrc  = 'child-src'
Defines the valid sources for web workers and nested browsing contexts loaded using elements such as `<frame>` and `<iframe>`.
connectSrc  = 'connect-src'
Restricts the URLs which can be loaded using script interfaces.
defaultSrc  = 'default-src'
Serves as a fallback for the other fetch directives.
fontSrc  = 'font-src'
Specifies valid sources for fonts loaded using `@font-face`.
formAction  = 'form-action'
Restricts the URLs which can be used as the target of form submissions from a given context.
frameAncestors  = 'frame-ancestors'
Specifies valid parents that may embed a page using `<frame>`, `<iframe>`, `<object>`, `<embed>`, or `<applet>`.
frameSrc  = 'frame-src'
Specifies valid sources for nested browsing contexts loaded using elements such as `<frame>` and `<iframe>`.
imgSrc  = 'img-src'
Specifies valid sources of images and favicons.
manifestSrc  = 'manifest-src'
Specifies valid sources of application manifest files.
mediaSrc  = 'media-src'
Specifies valid sources for loading media using the `<audio>`, `<video>` and `<track>` elements.
navigateTo  = 'navigate-to'
Restricts the URLs to which a document can initiate navigation by any means, including `<form>` (if form-action is not specified), `<a>`, `window.location`, `window.open`, etc.
objectSrc  = 'object-src'
Specifies valid sources for the `<object>`, `<embed>`, and `<applet>` elements.
pluginTypes  = 'plugin-types'
Restricts the set of plugins that can be embedded into a document by limiting the types of resources which can be loaded.
prefetchSrc  = 'prefetch-src'
Specifies valid sources to be prefetched or prerendered.
reportTo  = 'report-to'
Fires a SecurityPolicyViolationEvent.
reportUri  = 'report-uri'
Instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
sandbox  = 'sandbox'
Enables a sandbox for the requested resource similar to the `<iframe>` sandbox attribute.
scriptSrc  = 'script-src'
Specifies valid sources for JavaScript and WebAssembly resources.
scriptSrcAttr  = 'script-src-attr'
Specifies valid sources for JavaScript inline event handlers.
scriptSrcElem  = 'script-src-elem'
Specifies valid sources for JavaScript `<script>` elements.
styleSrc  = 'style-src'
Specifies valid sources for stylesheets.
styleSrcAttr  = 'style-src-attr'
Specifies valid sources for inline styles applied to individual DOM elements.
styleSrcElem  = 'style-src-elem'
Specifies valid sources for stylesheet `<style>` elements and `<link>` elements with `rel="stylesheet"`.
upgradeInsecureRequests  = 'upgrade-insecure-requests'
Instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for websites with large numbers of insecure legacy URLs that need to be rewritten.
workerSrc  = 'worker-src'
Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
$directives  : array<string|int, mixed>
__construct()  : mixed
__toString()  : string
addValues()  : static
getDirective()  : array<string|int, string>|null
getDirectives()  : array<string, array<string|int, string>>
getScriptContents()  : array<string|int, string>
getScriptHashes()  : array<string|int, string>
getScriptNonceAttr()  : string
Creates a nonce, adds it to the script-src directive, and returns the attribute to be inserted into the script tag.
getStyleContents()  : array<string|int, string>
getStyleHashes()  : array<string|int, string>
getStyleNonceAttr()  : string
Creates a nonce, adds it to the style-src directive, and returns the attribute to be inserted into the style tag.
makeHash()  : string
makeHashes()  : array<string|int, string>
removeDirective()  : static
render()  : string
setDirective()  : static
setDirectives()  : static
addNonce()  : string
getNonceAttr()  : string
sanitizeValue()  : string

Constants

Properties

$directives

protected array<string|int, mixed> $directives = []

Methods

__construct()

public __construct([array<string, array<string|int, string>> $directives = [] ]) : mixed
Parameters
$directives : array<string, array<string|int, string>> = []
Return values
mixed

__toString()

public __toString() : string
Return values
string

addValues()

public addValues(string $directive, array<string|int, string>|string $values) : static
Parameters
$directive : string
$values : array<string|int, string>|string
Return values
static

getDirective()

public getDirective(string $name) : array<string|int, string>|null
Parameters
$name : string
Return values
array<string|int, string>|null

getDirectives()

public getDirectives() : array<string, array<string|int, string>>
Return values
array<string, array<string|int, string>>

getScriptContents()

public static getScriptContents(string $html) : array<string|int, string>
Parameters
$html : string
Return values
array<string|int, string>

getScriptHashes()

public static getScriptHashes(string $html) : array<string|int, string>
Parameters
$html : string
Return values
array<string|int, string>

getScriptNonceAttr()

Creates a nonce, adds it to the script-src directive, and returns the attribute to be inserted into the script tag.

public getScriptNonceAttr() : string
Return values
string

the nonce attribute

getStyleHashes()

public static getStyleHashes(string $html) : array<string|int, string>
Parameters
$html : string
Return values
array<string|int, string>

getStyleNonceAttr()

Creates a nonce, adds it to the style-src directive, and returns the attribute to be inserted into the style tag.

public getStyleNonceAttr() : string
Return values
string

the nonce attribute
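
The nonce flow described for getScriptNonceAttr() and getStyleNonceAttr(), together with a sha256 hash source of the kind the hash methods produce for inline content, as an added stand-alone sketch. It is not the Aplus CSP class or its source: `PolicySketch` and its methods are hypothetical names, and the inline script is a constructed sample.

```php
<?php
declare(strict_types=1);
// Added sketch, not the Aplus CSP class; every name here is hypothetical.
final class PolicySketch
{
    private array $directives = [];
    public function add(string $directive, string ...$values): static
    {
        foreach ($values as $value) {
            $this->directives[$directive][] = $value;
        }
        return $this;
    }
    // One fresh 128-bit CSPRNG nonce per call, registered under script-src.
    public function scriptNonceAttr(): string
    {
        $nonce = base64_encode(random_bytes(16));
        $this->add('script-src', "'nonce-{$nonce}'");
        return ' nonce="' . $nonce . '"';
    }

    // Hash source for one inline script; the input must be byte-identical
    // to the text between <script> and </script>, whitespace included.
    public static function hashSource(string $content, string $algo = 'sha256'): string
    {
        return "'{$algo}-" . base64_encode(hash($algo, $content, true)) . "'";
    }

    public function render(): string
    {
        $parts = [];
        foreach ($this->directives as $name => $values) {
            $parts[] = $name . ' ' . implode(' ', $values);
        }
        return implode('; ', $parts);
    }
}

$inline = 'document.title = "ok";'; // constructed sample script body
$policy = (new PolicySketch())
    ->add('default-src', "'self'")
    ->add('object-src', "'none'")
    ->add('script-src', "'self'", PolicySketch::hashSource($inline));

// Build the body first: each nonce must be in the policy before it is rendered.
$body = '<script' . $policy->scriptNonceAttr() . '>console.log(1);</script>'
      . '<script>' . $inline . '</script>';
header('Content-Security-Policy: ' . $policy->render());
echo $body;
```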

makeHashes()

public static makeHashes(array<string|int, string> $contents[, string $algo = 'sha256' ]) : array<string|int, string>
Parameters
$contents : array<string|int, string>
$algo : string = 'sha256'
Return values
array<string|int, string>

removeDirective()

public removeDirective(string $name) : static
Parameters
$name : string
Return values
static

render()

public render() : string
Return values
string

setDirective()

public setDirective(string $name, array<string|int, string>|string $values) : static
Parameters
$name : string
$values : array<string|int, string>|string
Return values
static

setDirectives()

public setDirectives(array<string, array<string|int, string>> $directives) : static
Parameters
$directives : array<string, array<string|int, string>>
Return values
static

getNonceAttr()

protected getNonceAttr(string $type) : string
Parameters
$type : string
Return values
string

sanitizeValue()

protected sanitizeValue(string $value) : string
Parameters
$value : string
Return values
string
