Refactoring: added controlled middleware and changed response class

1 files changed, 44 insertions, 0 deletions

diff --git a/app/Middleware/BootstrapMiddleware.php b/app/Middleware/BootstrapMiddleware.php
new file mode 100644
index 00000000..c9de1de9
--- /dev/null
+++ b/app/Middleware/BootstrapMiddleware.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Kanboard\Middleware;
+
+use Kanboard\Core\Controller\BaseMiddleware;
+
+/**
+ * Class BootstrapMiddleware
+ *
+ * @package Kanboard\Middleware
+ * @author  Frederic Guillot
+ */
+class BootstrapMiddleware extends BaseMiddleware
+{
+    /**
+     * Execute middleware
+     */
+    public function execute()
+    {
+        $this->sessionManager->open();
+        $this->dispatcher->dispatch('app.bootstrap');
+        $this->sendHeaders();
+        $this->next();
+    }
+
+    /**
+     * Send HTTP headers
+     *
+     * @access private
+     */
+    private function sendHeaders()
+    {
+        $this->response->withContentSecurityPolicy($this->container['cspRules']);
+        $this->response->withSecurityHeaders();
+
+        if (ENABLE_XFRAME && $this->router->getAction() !== 'readonly') {
+            $this->response->withXframe();
+        }
+
+        if (ENABLE_HSTS) {
+            $this->response->withStrictTransportSecurity();
+        }
+    }
+}