*/ /** * The Minz_ActionController class is a controller in the MVC paradigm */ class Minz_ActionController { /** @var array */ private static $csp_default = [ 'default-src' => "'self'", ]; /** @var array */ private $csp_policies; protected $view; // Gives the possibility to override the default View type. public static $viewType = 'Minz_View'; public function __construct () { $this->csp_policies = self::$csp_default; if (class_exists(self::$viewType)) { $this->view = new self::$viewType(); } else { $this->view = new Minz_View(); } $view_path = Minz_Request::controllerName() . '/' . Minz_Request::actionName() . '.phtml'; $this->view->_path($view_path); $this->view->attributeParams (); } /** * Getteur */ public function view () { return $this->view; } /** * Set default CSP policies. * @param array $policies An array where keys are directives and values are sources. */ public static function _defaultCsp($policies) { if (!isset($policies['default-src'])) { Minz_Log::warning('Default CSP policy is not declared', ADMIN_LOG); } self::$csp_default = $policies; } /** * Set CSP policies. * * A default-src directive should always be given. * * References: * - https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP * - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src * * @param array $policies An array where keys are directives and values are sources. */ protected function _csp($policies) { if (!isset($policies['default-src'])) { $action = Minz_Request::controllerName() . '#' . Minz_Request::actionName(); Minz_Log::warning( "Default CSP policy is not declared for action {$action}.", ADMIN_LOG ); } $this->csp_policies = $policies; } /** * Send HTTP Content-Security-Policy header based on declared policies. */ public function declareCspHeader() { $policies = []; foreach ($this->csp_policies as $directive => $sources) { $policies[] = $directive . ' ' . $sources; } header('Content-Security-Policy: ' . implode('; ', $policies)); } /** * Méthodes à redéfinir (ou non) par héritage * firstAction est la première méthode exécutée par le Dispatcher * lastAction est la dernière */ public function init () { } public function firstAction () { } public function lastAction () { } }