
src/Middlewares/Csp.php (2 issues)

<?php
/**
 * This file is part of Blitz PHP framework.
 *
 * (c) 2022 Dimitri Sitchet Tomkeu <[email protected]>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */
namespace BlitzPHP\Middlewares;
use BlitzPHP\Exceptions\FrameworkException;
use BlitzPHP\Traits\InstanceConfigTrait;
use ParagonIE\CSPBuilder\CSPBuilder;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
/**
 * Content Security Policy Middleware
 *
 * ### Options
 *
 * - `script_nonce` When true, a fresh nonce is generated for the `script-src` directive on every request and exposed as the `cspScriptNonce` request attribute, so inline `<script>` tags can carry it.
 * - `style_nonce` When true, a fresh nonce is generated for the `style-src` directive on every request and exposed as the `cspStyleNonce` request attribute, so inline `<style>` tags can carry it.
 */
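class Csp implements MiddlewareInterface
{
    use InstanceConfigTrait;

    /**
     * Builder holding the configured policy.
     *
     * process() works on a clone of this object so that per-request state
     * (the nonces it issues) never leaks into the policy of a later request.
     */
    protected CSPBuilder $csp;

    /**
     * Default options; merged with the constructor's `$config` by setConfig().
     *
     * - `script_nonce` (bool) generate a per-request nonce for `script-src` and
     *   expose it as the `cspScriptNonce` request attribute.
     * - `style_nonce`  (bool) same for `style-src`, exposed as `cspStyleNonce`.
     *
     * @var array<string, mixed>
     */
    protected array $_defaultConfig = [
        'script_nonce' => false,
        'style_nonce'  => false,
    ];

    /**
     * Constructor
     *
     * @param array|CSPBuilder     $csp    A CSPBuilder instance, or the policy array handed to `new CSPBuilder()`.
     * @param array<string, mixed> $config Middleware options (see `$_defaultConfig`).
     *
     * @throws FrameworkException when the optional paragonie/csp-builder package is not installed.
     */
    public function __construct(array|CSPBuilder $csp, array $config = [])
    {
        // Checked first so a missing optional dependency produces a clear message
        // instead of a "class not found" error from `new CSPBuilder()` below.
        if (! class_exists(CSPBuilder::class)) {
            throw new FrameworkException('Vous devez installer paragonie/csp-builder pour utiliser le middleware Csp.');
        }

        $this->setConfig($config);

        $this->csp = $csp instanceof CSPBuilder ? $csp : new CSPBuilder($csp);
    }

    /**
     * Adds the nonces (when enabled) as request attributes and injects the CSP header into the response.
     *
     * A nonce only protects against injected inline scripts/styles if it is unique to
     * one response. The builder keeps every nonce it issues (that is how the value reaches
     * the compiled header), so the per-request work is done on a clone of `$this->csp`:
     * if the same middleware instance serves several requests (long-running SAPIs),
     * nonces from earlier responses do not accumulate in the emitted policy. Under
     * one-process-per-request SAPIs the clone is merely a cheap copy.
     *
     * NOTE(review): if a downstream handler already set a Content-Security-Policy header,
     * confirm whether injectCSPHeader() appends a second one — browsers enforce every
     * CSP header they receive, so the effective policy is the intersection.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $csp = clone $this->csp;

        if ($this->getConfig('script_nonce')) {
            $request = $request->withAttribute('cspScriptNonce', $csp->nonce('script-src'));
        }
        if ($this->getConfig('style_nonce')) {
            $request = $request->withAttribute('cspStyleNonce', $csp->nonce('style-src'));
        }

        $response = $handler->handle($request);

        // injectCSPHeader() is typed on MessageInterface; PSR-7 `with*` methods return
        // the same concrete type, so the result is still the handler's ResponseInterface.
        // Assigning it (rather than annotating the return statement) lets static
        // analysers pick up the narrowed type.
        /** @var ResponseInterface $response */
        $response = $csp->injectCSPHeader($response);

        return $response;
    }
}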