Issues in NonceContainer.php (v4) - Issues in v4 - nystudio107/craft-seomatic - Measure and Improve Code Quality continuously with Scrutinizer

Issues (245)

src/base/NonceContainer.php (2 issues)

Labels

Severity

<?php
/**
 * SEOmatic plugin for Craft CMS
 *
 * A turnkey SEO implementation for Craft CMS that is comprehensive, powerful,
 * and flexible
 *
 * @link      https://nystudio107.com
 * @copyright Copyright (c) 2017 nystudio107
 */

namespace nystudio107\seomatic\base;

use Craft;
use nystudio107\seomatic\helpers\Dependency;
use nystudio107\seomatic\models\MetaJsonLdContainer;
use nystudio107\seomatic\models\MetaScriptContainer;

use nystudio107\seomatic\Seomatic;

/**
 * @author    nystudio107
 * @package   Seomatic
 * @since     3.3.11
 */
abstract class NonceContainer extends MetaContainer implements NonceContainerInterface
{
    // Traits
    // =========================================================================

    use NonceContainerTrait;

    // Constants
    // =========================================================================

    public const CSP_HEADERS = [
        'Content-Security-Policy',
        'X-Content-Security-Policy',
        'X-WebKit-CSP',
    ];

    public const CSP_DIRECTIVE = 'script-src';

    // Public Methods
    // =========================================================================

    /**
     * @inheritDoc
     */
    public function addNonceTags(array $cspNonces)
    {
        if (!empty(Seomatic::$settings->cspNonce) && Seomatic::$settings->cspNonce === 'tag' && !empty($cspNonces)) {
            $serializedNonces = implode(" ", $cspNonces);
            $cspHeader = self::CSP_HEADERS[0];
            $cspDirective = self::CSP_DIRECTIVE;
            $cspValue = "{$cspDirective} {$serializedNonces};";
            $metaTag = Seomatic::$plugin->tag->create([

                'key' => md5($cspValue),
                'httpEquiv' => $cspHeader,
                'content' => $cspValue,
            ]);
        }
    }

    /**
     * @inheritDoc
     */
    public function addNonceHeaders(array $cspNonces)
    {
        if (!empty(Seomatic::$settings->cspNonce) && Seomatic::$settings->cspNonce === 'header' && !empty($cspNonces)) {
            $serializedNonces = implode(" ", $cspNonces);
            $cspDirective = self::CSP_DIRECTIVE;
            $cspValue = "{$cspDirective} {$serializedNonces};";
            foreach (self::CSP_HEADERS as $cspHeader) {
                Craft::$app->getResponse()->getHeaders()->add($cspHeader, $cspValue);
            }
        }
    }

    /**
     * @inheritDoc
     */
    public function getCspNonces(): array
    {
        $cspNonces = [];
        /** @var NonceItem $metaItemModel */
        foreach ($this->data as $metaItemModel) {
            if ($metaItemModel->include && !empty($metaItemModel->nonce)) {

                $dependencies = [];
                $nonce = $metaItemModel->nonce;
                if ($this instanceof MetaScriptContainer) {
                    $dependencies = [
                        Dependency::SCRIPT_DEPENDENCY => [$metaItemModel->key],
                    ];
                }
                if ($this instanceof MetaJsonLdContainer) {
                    $dependencies = [
                        Dependency::JSONLD_DEPENDENCY => [$metaItemModel->key],
                    ];
                }
                $cspNonce = "'nonce-{$nonce}'";
                if (Dependency::validateDependencies($dependencies) && !in_array($cspNonce, $cspNonces, true)) {
                    $cspNonces[] = $cspNonce;
                }
            }
        }

        return $cspNonces;
    }

    // Protected Methods
    // =========================================================================


    /**
     * Return a CSP value for inclusion in header or meta tag
     *
     * @param string $nonce
     * @param string $cspDirective
     * @return string
     */
    protected function getCspValue(string $nonce, string $cspDirective): string
    {
        return "{$cspDirective} 'nonce-$nonce'";
    }
}


1			<?php
2			/**
3			* SEOmatic plugin for Craft CMS
4			*
5			* A turnkey SEO implementation for Craft CMS that is comprehensive, powerful,
6			* and flexible
7			*
8			* @link https://nystudio107.com
9			* @copyright Copyright (c) 2017 nystudio107
10			*/
11
12			namespace nystudio107\seomatic\base;
13
14			use Craft;
15			use nystudio107\seomatic\helpers\Dependency;
16			use nystudio107\seomatic\models\MetaJsonLdContainer;
17			use nystudio107\seomatic\models\MetaScriptContainer;
18
19			use nystudio107\seomatic\Seomatic;
20
21			/**
22			* @author nystudio107
23			* @package Seomatic
24			* @since 3.3.11
25			*/
26			abstract class NonceContainer extends MetaContainer implements NonceContainerInterface
27			{
28			// Traits
29			// =========================================================================
30
31			use NonceContainerTrait;
32
33			// Constants
34			// =========================================================================
35
36			public const CSP_HEADERS = [
37			'Content-Security-Policy',
38			'X-Content-Security-Policy',
39			'X-WebKit-CSP',
40			];
41
42			public const CSP_DIRECTIVE = 'script-src';
43
44			// Public Methods
45			// =========================================================================
46
47			/**
48			* @inheritDoc
49			*/
50			public function addNonceTags(array $cspNonces)
51			{
52			if (!empty(Seomatic::$settings->cspNonce) && Seomatic::$settings->cspNonce === 'tag' && !empty($cspNonces)) {
53			$serializedNonces = implode(" ", $cspNonces);
54			$cspHeader = self::CSP_HEADERS[0];
55			$cspDirective = self::CSP_DIRECTIVE;
56			$cspValue = "{$cspDirective} {$serializedNonces};";
57			$metaTag = Seomatic::$plugin->tag->create([
			0 ignored issues – show Unused Code introduced 2020-07-14 22:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$metaTag` is dead and can be removed. Loading history...
58			'key' => md5($cspValue),
59			'httpEquiv' => $cspHeader,
60			'content' => $cspValue,
61			]);
62			}
63			}
64
65			/**
66			* @inheritDoc
67			*/
68			public function addNonceHeaders(array $cspNonces)
69			{
70			if (!empty(Seomatic::$settings->cspNonce) && Seomatic::$settings->cspNonce === 'header' && !empty($cspNonces)) {
71			$serializedNonces = implode(" ", $cspNonces);
72			$cspDirective = self::CSP_DIRECTIVE;
73			$cspValue = "{$cspDirective} {$serializedNonces};";
74			foreach (self::CSP_HEADERS as $cspHeader) {
75			Craft::$app->getResponse()->getHeaders()->add($cspHeader, $cspValue);
76			}
77			}
78			}
79
80			/**
81			* @inheritDoc
82			*/
83			public function getCspNonces(): array
84			{
85			$cspNonces = [];
86			/** @var NonceItem $metaItemModel */
87			foreach ($this->data as $metaItemModel) {
88			if ($metaItemModel->include && !empty($metaItemModel->nonce)) {
			0 ignored issues – show Bug Best Practice introduced 2020-07-14 22:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `nonce` does not exist on `nystudio107\seomatic\base\MetaItem`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
89			$dependencies = [];
90			$nonce = $metaItemModel->nonce;
91			if ($this instanceof MetaScriptContainer) {
92			$dependencies = [
93			Dependency::SCRIPT_DEPENDENCY => [$metaItemModel->key],
94			];
95			}
96			if ($this instanceof MetaJsonLdContainer) {
97			$dependencies = [
98			Dependency::JSONLD_DEPENDENCY => [$metaItemModel->key],
99			];
100			}
101			$cspNonce = "'nonce-{$nonce}'";
102			if (Dependency::validateDependencies($dependencies) && !in_array($cspNonce, $cspNonces, true)) {
103			$cspNonces[] = $cspNonce;
104			}
105			}
106			}
107
108			return $cspNonces;
109			}
110
111			// Protected Methods
112			// =========================================================================
113
114
115			/**
116			* Return a CSP value for inclusion in header or meta tag
117			*
118			* @param string $nonce
119			* @param string $cspDirective
120			* @return string
121			*/
122			protected function getCspValue(string $nonce, string $cspDirective): string
123			{
124			return "{$cspDirective} 'nonce-$nonce'";
125			}
126			}
127

nystudio107 / craft-seomatic

Issues (245)

src/base/NonceContainer.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like