
src/Middlewares/SecureHeaders.php (1 issue)

<?php
/**
 * This file is part of Blitz PHP framework.
 *
 * (c) 2022 Dimitri Sitchet Tomkeu <[email protected]>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */
namespace BlitzPHP\Middlewares;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
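/**
 * Adds a common set of security response headers to every response.
 *
 * The defaults are conservative values taken from the OWASP Secure Headers
 * project. They can be adjusted per application through the constructor.
 * The middleware always overwrites a same-named header produced by the
 * handler, so the configured policy cannot be weakened by a controller;
 * to relax it for a specific route, configure (or skip) this middleware
 * for that route instead.
 */
class SecureHeaders implements MiddlewareInterface
{
    /**
     * Headers emitted on every response, as header name => value.
     *
     * A value of null means "do not send this header" (see the constructor).
     *
     * Deliberately not part of the defaults, because a wrong framework-level
     * guess is worse than no header at all:
     *  - Strict-Transport-Security: must only be sent on responses delivered
     *    over TLS (browsers ignore it on plain HTTP), and an over-long max-age
     *    or a premature includeSubDomains can lock users out. Configure it
     *    here, or at the TLS terminator, once HTTPS is guaranteed for the host.
     *  - Content-Security-Policy / Permissions-Policy: application specific.
     *
     * @var array<string, string|null>
     */
    protected array $headers = [
        // https://owasp.org/www-project-secure-headers/#x-frame-options
        // Legacy clickjacking mitigation. Modern browsers honour the CSP
        // `frame-ancestors` directive instead; this still covers older ones.
        'X-Frame-Options' => 'SAMEORIGIN',

        // https://owasp.org/www-project-secure-headers/#x-content-type-options
        // Stops MIME sniffing, e.g. a user upload being interpreted as script.
        'X-Content-Type-Options' => 'nosniff',

        // https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/jj542450(v=vs.85)#the-noopen-directive
        // Legacy Internet Explorer only: forces "Save" instead of "Open" for
        // downloads so they are not executed in the site's security context.
        'X-Download-Options' => 'noopen',

        // https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies
        // Denies Flash/PDF cross-domain policy files for this origin.
        'X-Permitted-Cross-Domain-Policies' => 'none',

        // https://owasp.org/www-project-secure-headers/#referrer-policy
        // Never leak the URL (which may carry ids or tokens) to other origins.
        'Referrer-Policy' => 'same-origin',

        // https://owasp.org/www-project-secure-headers/#x-xss-protection
        // Disabled by default: only legacy browsers honour it, and a
        // Content-Security-Policy that does not allow unsafe inline scripts
        // is the recommended replacement. Enable it only if you must support
        // such browsers.
        // 'X-XSS-Protection' => '1; mode=block',
    ];

    /**
     * @param array<string, string|null>|null $headers Overrides merged on top of
     *                                                 the defaults (the given keys
     *                                                 win). Use a null value to
     *                                                 suppress a default header.
     *
     * @throws \InvalidArgumentException when a header name is not an RFC 7230
     *                                   token, or a value contains CR, LF or NUL
     *                                   (header-injection characters).
     */
    public function __construct(?array $headers = null)
    {
        if ($headers === null) {
            return;
        }

        foreach ($headers as $name => $value) {
            self::assertSafeHeader((string) $name, $value);
        }

        // String keys are preserved by array_merge; later keys override.
        $this->headers = array_merge($this->headers, $headers);
    }

    /**
     * Rejects header names/values that could split the response header block.
     *
     * PSR-7 implementations typically validate this as well, but failing at
     * construction time surfaces a bad configuration at boot rather than on
     * the first request served.
     *
     * @throws \InvalidArgumentException
     */
    private static function assertSafeHeader(string $name, ?string $value): void
    {
        // RFC 7230 "token" characters only.
        if (preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/', $name) !== 1) {
            throw new \InvalidArgumentException(sprintf('Invalid header name "%s".', $name));
        }

        if ($value !== null && preg_match('/[\r\n\0]/', $value) === 1) {
            throw new \InvalidArgumentException(sprintf('Header "%s" contains CR, LF or NUL.', $name));
        }
    }

    /**
     * Runs the handler, then applies every configured header to its response.
     *
     * withHeader() replaces any same-named header the handler already set,
     * so the middleware's policy always wins over what a controller emitted.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $response = $handler->handle($request);

        foreach ($this->headers as $name => $value) {
            if ($value === null) {
                continue; // suppressed via configuration
            }

            $response = $response->withHeader($name, $value);
        }

        return $response;
    }
}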