<?php
namespace BrainExe\Core\Middleware;
use BrainExe\Annotations\Annotations\Inject;
use BrainExe\Core\Annotations\Middleware;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
/**
 * Response middleware that attaches browser hardening headers
 * (CSP, X-Frame-Options and, over TLS, HSTS) to non-XHR responses.
 *
 * @Middleware("Middleware.Security")
 */
class Security extends AbstractMiddleware
{

    /**
     * Origin of the websocket endpoint; it is whitelisted as a connect-src target.
     *
     * @var string
     */
    private $socketUrl;

    /**
     * @Inject("%socket.url%")
     * @param string $socketHost websocket origin taken from the socket.url parameter
     */
    public function __construct(string $socketHost)
    {
        $this->socketUrl = $socketHost;
    }

    /**
     * Adds the security headers to document responses. XHR responses are left untouched.
     *
     * {@inheritdoc}
     */
    public function processResponse(Request $request, Response $response)
    {
        // Only full-page (non-AJAX) responses receive the headers.
        if ($request->isXmlHttpRequest()) {
            return;
        }

        $headers = $response->headers;
        $headers->set('Content-Security-Policy', $this->getContentSecurityPolicy());
        $headers->set('X-Frame-Options', 'DENY');

        // Browsers only honour HSTS when it arrives over TLS, so it is emitted on secure requests only.
        if ($request->isSecure()) {
            $headers->set('Strict-Transport-Security', 'max-age=31536000 ; includeSubDomains');
        }
    }

    /**
     * Builds the Content-Security-Policy header value.
     *
     * Every fetch directive not listed falls back to default-src 'self';
     * inline styles are permitted; connections (XHR/websocket) may additionally
     * reach the configured socket URL.
     *
     * NOTE(review): default-src does not govern base-uri, form-action or
     * frame-ancestors. A frame-ancestors 'none' directive would mirror the
     * X-Frame-Options: DENY header already set on the same response — confirm
     * before adding. 'unsafe-inline' on style-src keeps CSS injection possible.
     * NOTE(review): the socket URL is spliced in verbatim; it comes from
     * configuration (%socket.url%), and a value containing ';' would change the
     * policy, so that parameter must stay trusted.
     *
     * @return string directives joined with '; '
     */
    protected function getContentSecurityPolicy() : string
    {
        $socket = $this->socketUrl;

        return implode('; ', [
            "default-src 'self'",
            "style-src 'self' 'unsafe-inline'",
            "connect-src 'self' {$socket}",
        ]);
    }
}