nextcloud/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
namespace OCP\Security\CSP;

use OC\Security\CSP\ContentSecurityPolicyManager;
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
use OCP\EventDispatcher\Event;

/**
 * Allows to inject something into the default content policy. This is for
 * example useful when you're injecting Javascript code into a view belonging
 * to another controller and cannot modify its Content-Security-Policy itself.
 * Note that the adjustment is only applied to applications that use AppFramework
 * controllers.
 *
 * WARNING: Using this API incorrectly may make the instance more insecure.
 * Do think twice before adding whitelisting resources. Please do also note
 * that it is not possible to use the `disallowXYZ` functions.
 *
 * @since 17.0.0
 */
class AddContentSecurityPolicyEvent extends Event {
	/** @var ContentSecurityPolicyManager */
	private $policyManager;

	/**
	 * @since 17.0.0
	 */
	public function __construct(ContentSecurityPolicyManager $policyManager) {
		parent::__construct();
		$this->policyManager = $policyManager;
	}

	/**
	 * @since 17.0.0
	 */
	public function addPolicy(EmptyContentSecurityPolicy $csp): void {
		$this->policyManager->addDefaultPolicy($csp);
	}
}
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`*/`
			`namespace OCP\Security\CSP;`

			`use OC\Security\CSP\ContentSecurityPolicyManager;`
			`use OCP\AppFramework\Http\EmptyContentSecurityPolicy;`
			`use OCP\EventDispatcher\Event;`

			`/**`
Add PHP doc for events Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2020-08-10 08:24:24 -04:00			`* Allows to inject something into the default content policy. This is for`
			`* example useful when you're injecting Javascript code into a view belonging`
			`* to another controller and cannot modify its Content-Security-Policy itself.`
			`* Note that the adjustment is only applied to applications that use AppFramework`
			`* controllers.`
			`*`
			`* WARNING: Using this API incorrectly may make the instance more insecure.`
			`* Do think twice before adding whitelisting resources. Please do also note`
			* that it is not possible to use the `disallowXYZ` functions.
			`*`
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`* @since 17.0.0`
			`*/`
			`class AddContentSecurityPolicyEvent extends Event {`
			`/** @var ContentSecurityPolicyManager */`
			`private $policyManager;`

			`/**`
			`* @since 17.0.0`
			`*/`
			`public function __construct(ContentSecurityPolicyManager $policyManager) {`
Use Symfony's new contract Event class instead of the deprecated one Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-09-10 05:37:53 -04:00			`parent::__construct();`
Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-24 15:42:37 -04:00			`$this->policyManager = $policyManager;`
			`}`

			`/**`
			`* @since 17.0.0`
			`*/`
			`public function addPolicy(EmptyContentSecurityPolicy $csp): void {`
			`$this->policyManager->addDefaultPolicy($csp);`
			`}`
			`}`