diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/Controller/Base.php | 2 | ||||
-rw-r--r-- | app/Core/Plugin/Base.php | 11 | ||||
-rw-r--r-- | app/ServiceProvider/ClassProvider.php | 2 |
3 files changed, 14 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php index 480976b0..e0fd59cb 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -80,7 +80,7 @@ abstract class Base extends \Core\Base private function sendHeaders($action) { // HTTP secure headers - $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:')); + $this->response->csp($this->container['cspRules']); $this->response->nosniff(); $this->response->xss(); diff --git a/app/Core/Plugin/Base.php b/app/Core/Plugin/Base.php index a72a0cd6..1b7ac8f5 100644 --- a/app/Core/Plugin/Base.php +++ b/app/Core/Plugin/Base.php @@ -19,6 +19,17 @@ abstract class Base extends \Core\Base abstract public function initialize(); /** + * Override default CSP rules + * + * @access public + * @param array $rules + */ + public function setContentSecurityPolicy(array $rules) + { + $this->container['cspRules'] = $rules; + } + + /** * Returns all classes that needs to be stored in the DI container * * @access public diff --git a/app/ServiceProvider/ClassProvider.php b/app/ServiceProvider/ClassProvider.php index 8a959638..5d157749 100644 --- a/app/ServiceProvider/ClassProvider.php +++ b/app/ServiceProvider/ClassProvider.php @@ -126,5 +126,7 @@ class ClassProvider implements ServiceProviderInterface }; $container['pluginLoader'] = new Loader($container); + + $container['cspRules'] = array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '* data:'); } } |