<?php
/**
 * Created by: Jens
 * Date: 27-3-2018
 */
namespace CloudControl\Cms\cc;
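/**
 * Process-wide registry of HTTP response headers.
 *
 * All state is static: every instance and every static call shares the same
 * header map, so a header added anywhere in the request is emitted by
 * sendAllHeaders(). Header names are stored without the ': ' separator,
 * which sendAllHeaders() appends itself.
 */
class ResponseHeaders
{
    const HEADER_ACCESS_CONTROL_ALLOW_ORIGIN = 'Access-Control-Allow-Origin';
    // Wildcard origin: any site may read these responses cross-origin. Browsers
    // refuse to pair '*' with credentialed requests, so this stays safe only as
    // long as the request Origin is never echoed back instead of '*'.
    const HEADER_ACCESS_CONTROL_ALLOW_ORIGIN_CONTENT = '*';
    const HEADER_CACHE_CONTROL = 'Cache-Control';
    const HEADER_CACHE_CONTROL_CONTENT_NO_STORE_NO_CACHE_MUST_REVALIDATE_MAX_AGE_0 = 'no-store, no-cache, must-revalidate, max-age=0';
    const HEADER_CONNECTION = 'Connection';
    const HEADER_CONNECTION_CONTENT_KEEP_ALIVE = 'Keep-Alive';
    const HEADER_CONTENT_DESCRIPTION = 'Content-Description';
    const HEADER_CONTENT_DESCRIPTION_CONTENT = 'File Transfer';
    const HEADER_CONTENT_DISPOSITION = 'Content-Disposition';
    const HEADER_CONTENT_LENGTH = 'Content-Length';
    const HEADER_CONTENT_SECURITY_POLICY = 'Content-Security-Policy';
    // All three CSP variants permit 'unsafe-inline' and 'unsafe-eval', which
    // removes most of the XSS mitigation a CSP provides; they mainly restrict
    // the scheme/origin scripts and resources may be loaded from. Tightening
    // them would require removing inline scripts from the templates first.
    const HEADER_CONTENT_SECURITY_POLICY_CONTENT_INSECURE = 'default-src \'self\' https: \'unsafe-inline\' \'unsafe-eval\'';
    const HEADER_CONTENT_SECURITY_POLICY_CONTENT_LOCALHOST = 'default-src * \'unsafe-inline\' \'unsafe-eval\' data: blob:';
    const HEADER_CONTENT_SECURITY_POLICY_CONTENT_SECURE = 'default-src https: \'unsafe-inline\' \'unsafe-eval\'';
    const HEADER_CONTENT_TRANSFER_ENCODING = 'Content-Transfer-Encoding';
    const HEADER_CONTENT_TRANSFER_ENCODING_CONTENT_BINARY = 'binary';
    const HEADER_CONTENT_TYPE = 'Content-Type';
    const HEADER_CONTENT_TYPE_CONTENT_APPLICATION_JSON = 'application/json';
    const HEADER_CONTENT_TYPE_CONTENT_TEXT_HTML = 'text/html';
    const HEADER_EXPIRES = 'Expires';
    const HEADER_PRAGMA = 'Pragma';
    const HEADER_PRAGMA_CONTENT_CACHE = 'cache';
    const HEADER_PRAGMA_CONTENT_NO_CACHE = 'no-cache';
    const HEADER_PRAGMA_CONTENT_PUBLIC = 'public';
    const HEADER_REFERRER_POLICY = 'Referrer-Policy';
    const HEADER_REFERRER_POLICY_CONTENT = 'strict-origin-when-cross-origin';
    const HEADER_SET_COOKIE = 'Set-Cookie';
    const HEADER_STRICT_TRANSPORT_SECURITY = 'Strict-Transport-Security';
    // One year, no includeSubDomains / preload. Browsers ignore HSTS received
    // over plain HTTP (RFC 6797), so sending it on every response is harmless.
    const HEADER_STRICT_TRANSPORT_SECURITY_CONTENT = 'max-age=31536000';
    const HEADER_X_CONTENT_SECURITY_POLICY = 'X-Content-Security-Policy'; // For IE
    const HEADER_X_CONTENT_TYPE_OPTIONS = 'X-Content-Type-Options';
    // Fix: the value used to be 'nosniff;'. Per the Fetch "determine nosniff"
    // algorithm only the bare token 'nosniff' is recognised, so the trailing
    // ';' left MIME sniffing enabled.
    const HEADER_X_CONTENT_TYPE_OPTIONS_CONTENT = 'nosniff';
    // Fix: the name used to carry a trailing ': ', so sendAllHeaders() emitted
    // 'X-Frame-Options: : SAMEORIGIN' -- a malformed header browsers ignore,
    // silently disabling the clickjacking protection.
    const HEADER_X_FRAME_OPTIONS = 'X-Frame-Options';
    const HEADER_X_FRAME_OPTIONS_CONTENT = 'SAMEORIGIN';
    const HEADER_X_POWERED_BY = 'X-Powered-By';
    // Discloses the product name to every client; useful for attribution, but
    // it is also a fingerprinting aid. delete(self::HEADER_X_POWERED_BY) if
    // that is unwanted in a deployment.
    const HEADER_X_POWERED_BY_CONTENT = 'Cloud Control - https://getcloudcontrol.org';
    const HEADER_X_XSS_PROTECTION = 'X-XSS-Protection';
    // Legacy auditor header; current browsers ignore it. Kept for old clients.
    const HEADER_X_XSS_PROTECTION_CONTENT = '1; mode=block';

    /**
     * Default headers, keyed by header name. Shared by all instances and
     * static calls; add() and delete() mutate it in place.
     * @var array
     */
    protected static $headers = array(
        self::HEADER_ACCESS_CONTROL_ALLOW_ORIGIN => self::HEADER_ACCESS_CONTROL_ALLOW_ORIGIN_CONTENT,
        self::HEADER_CONTENT_TYPE => self::HEADER_CONTENT_TYPE_CONTENT_TEXT_HTML,
        self::HEADER_REFERRER_POLICY => self::HEADER_REFERRER_POLICY_CONTENT,
        self::HEADER_STRICT_TRANSPORT_SECURITY => self::HEADER_STRICT_TRANSPORT_SECURITY_CONTENT,
        self::HEADER_X_CONTENT_TYPE_OPTIONS => self::HEADER_X_CONTENT_TYPE_OPTIONS_CONTENT,
        self::HEADER_X_FRAME_OPTIONS => self::HEADER_X_FRAME_OPTIONS_CONTENT,
        self::HEADER_X_POWERED_BY => self::HEADER_X_POWERED_BY_CONTENT,
        self::HEADER_X_XSS_PROTECTION => self::HEADER_X_XSS_PROTECTION_CONTENT,
    );

    /**
     * Set once init() has run; consulted by sendAllHeaders() only.
     * @var bool
     */
    protected static $initialized = false;

    /**
     * ResponseHeaders constructor.
     *
     * Runs init() unconditionally, so constructing a second instance re-adds
     * the per-request headers (same keys, same values -- harmless).
     */
    public function __construct()
    {
        self::init();
    }

    /**
     * Registers the per-request security headers: the session cookie and the
     * Content-Security-Policy variant matching how the request arrived
     * (HTTPS, localhost, or plain HTTP), then marks the set as initialized.
     *
     * Not idempotent by design; every call re-adds the same keys and add()
     * overwrites, so repeated calls converge on the same map.
     *
     * NOTE(review): the Set-Cookie value depends on Request state not visible
     * here; confirm against the deployment:
     *  - a '__Host-' prefixed cookie is only accepted by browsers when it is
     *    Secure, has no Domain and has Path=/ -- if Request::$subfolders is
     *    anything other than '/', the cookie is dropped silently;
     *  - the 'Secure' attribute is set even when Request::isSecure() is false,
     *    and current browsers reject Secure cookies set from plain HTTP;
     *  - 'SameSite' is given without a value; the spec form is
     *    'SameSite=Lax' or 'SameSite=Strict', a bare attribute falls back to
     *    each browser's default;
     *  - session_id() is '' until a session has been started.
     */
    public static function init()
    {
        self::add(self::HEADER_SET_COOKIE, '__Host-sess=' . session_id() . '; path=' . Request::$subfolders . '; Secure; HttpOnly; SameSite;');
        if (Request::isSecure()) {
            self::add(self::HEADER_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_SECURE);
            self::add(self::HEADER_STRICT_TRANSPORT_SECURITY, self::HEADER_STRICT_TRANSPORT_SECURITY_CONTENT);
            self::add(self::HEADER_X_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_SECURE);
        } elseif (Request::isLocalhost()) {
            self::add(self::HEADER_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_LOCALHOST);
            self::add(self::HEADER_X_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_LOCALHOST);
        } else {
            self::add(self::HEADER_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_INSECURE);
            self::add(self::HEADER_X_CONTENT_SECURITY_POLICY, self::HEADER_CONTENT_SECURITY_POLICY_CONTENT_INSECURE);
        }
        self::$initialized = true;
    }

    /**
     * Registers (or overwrites) a header.
     *
     * No validation is done here; the name must be a bare header name (no
     * ': ') and the content must not contain CR/LF. PHP's header() refuses
     * values containing newlines, so an injected line break fails at send
     * time rather than producing a second header.
     *
     * @param string $headerName
     * @param string $headerContent
     */
    public static function add($headerName, $headerContent)
    {
        self::$headers[$headerName] = $headerContent;
    }

    /**
     * Removes a header from the set; a no-op when the name is not present.
     *
     * Uses unset() directly instead of an isset() guard: isset() is false for
     * an entry whose content was registered as null, which previously made
     * such an entry undeletable.
     *
     * @param string $headerName
     */
    public static function delete($headerName)
    {
        unset(self::$headers[$headerName]);
    }

    /**
     * Returns a copy of the current header map (name => content).
     *
     * @return array
     */
    public static function getHeaders()
    {
        return self::$headers;
    }

    /**
     * Emits every registered header via header(), running init() first if
     * nothing has done so yet.
     *
     * header() replaces any earlier header of the same name by default, and
     * emits a warning (and sends nothing) if output has already started, so
     * this must run before any body output.
     */
    public static function sendAllHeaders()
    {
        if (self::$initialized === false) {
            self::init();
        }
        foreach (self::$headers as $headerName => $headerContent) {
            header($headerName . ': ' . $headerContent);
        }
    }
}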