-
Notifications
You must be signed in to change notification settings - Fork 1
/
controller.php
105 lines (88 loc) · 3.22 KB
/
controller.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?php
namespace Concrete\Package\MdSecurityHeaderExtended;
use Concrete\Core\Http\ServerInterface;
use Concrete\Core\Package\Package;
use Macareux\SecurityHeaderExtended\Http\Middleware\AccessControlAllowOriginPolicyMiddleware;
use Macareux\SecurityHeaderExtended\Http\Middleware\ContentTypeOptionsMiddleware;
use Macareux\SecurityHeaderExtended\Http\Middleware\CrossOriginEmbedderPolicyMiddleware;
use Macareux\SecurityHeaderExtended\Http\Middleware\CrossOriginOpenerPolicyMiddleware;
use Macareux\SecurityHeaderExtended\Http\Middleware\CrossOriginResourcePolicyMiddleware;
class Controller extends Package
{
/**
* The minimum concrete5 version compatible with this package.
*
* @var string
*/
protected $appVersionRequired = '8.5.0';
/**
* The handle of this package.
*
* @var string
*/
protected $pkgHandle = 'md_security_header_extended';
/**
* The version number of this package.
*
* @var string
*/
protected $pkgVersion = '1.2.0';
/**
* @see https://documentation.concretecms.org/developers/packages/adding-custom-code-to-packages
*
* @var string[]
*/
protected $pkgAutoloaderRegistries = [
'src' => '\Macareux\SecurityHeaderExtended',
];
/**
* Get the translated name of the package.
*
* @return string
*/
public function getPackageName()
{
return t('Macareux Security Header Extended');
}
/**
* Get the translated package description.
*
* @return string
*/
public function getPackageDescription()
{
return t('This package makes you enable to add some security headers to mitigate some types of attacks.');
}
public function install()
{
$package = parent::install();
$this->installContentFile('install/singlepages.xml');
return $package;
}
public function on_start()
{
$config = $this->getFileConfig();
/** @var ServerInterface $server */
$server = $this->app->make(ServerInterface::class);
$corp = $config->get('security.cross_origin_resource_policy', false);
if ($corp) {
$server->addMiddleware($this->app->make(CrossOriginResourcePolicyMiddleware::class, ['config' => $corp]));
}
$coop = $config->get('security.cross_origin_opener_policy', false);
if ($coop) {
$server->addMiddleware($this->app->make(CrossOriginOpenerPolicyMiddleware::class, ['config' => $coop]));
}
$coep = $config->get('security.cross_origin_embedder_policy', false);
if ($coep) {
$server->addMiddleware($this->app->make(CrossOriginEmbedderPolicyMiddleware::class, ['config' => $coep]));
}
$accessControlAllowOrigin = $config->get('security.access_control_allow_origin', false);
if ($accessControlAllowOrigin) {
$server->addMiddleware($this->app->make(AccessControlAllowOriginPolicyMiddleware::class, ['config' => $accessControlAllowOrigin]));
}
$nosniff = $config->get('security.x_content_type_options', false);
if ($nosniff) {
$server->addMiddleware($this->app->make(ContentTypeOptionsMiddleware::class, ['config' => $nosniff]));
}
}
}