xingcheng
/
FreshRSS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
A free, self-hostable aggregator…
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5104 Commits
2 Branches
64 Tags
30 MiB
 
 
 
 
 
 
Tag: Branch: Tree: be5848fd4f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'be5848fd4f'
${ noResults }
FreshRSS/lib/Minz/ActionController.php

78 lines
2.0 KiB
Raw Blame History

<?php
/**
* MINZ - Copyright 2011 Marien Fressinaud
* Sous licence AGPL3 <http://www.gnu.org/licenses/>
*/
/**
* The Minz_ActionController class is a controller in the MVC paradigm
*/
class Minz_ActionController {
protected $view;
private $csp_policies = array(
'default-src' => "'self'",
);
// Gives the possibility to override the default View type.
public static $viewType = 'Minz_View';
public function __construct () {
if (class_exists(self::$viewType)) {
$this->view = new self::$viewType();
} else {
$this->view = new Minz_View();
}
$view_path = Minz_Request::controllerName() . '/' . Minz_Request::actionName() . '.phtml';
$this->view->_path($view_path);
$this->view->attributeParams ();
}
/**
* Getteur
*/
public function view () {
return $this->view;
}
/**
* Set CSP policies.
*
* A default-src directive should always be given.
*
* References:
* - https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
* - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
*
* @param array $policies An array where keys are directives and values are sources.
*/
protected function _csp($policies) {
if (!isset($policies['default-src'])) {
$action = Minz_Request::controllerName() . '#' . Minz_Request::actionName();
Minz_Log::warning(
"Default CSP policy is not declared for action {$action}.",
ADMIN_LOG
);
}
$this->csp_policies = $policies;
}
/**
* Send HTTP Content-Security-Policy header based on declared policies.
*/
public function declareCspHeader() {
$policies = [];
foreach ($this->csp_policies as $directive => $sources) {
$policies[] = $directive . ' ' . $sources;
}
header('Content-Security-Policy: ' . implode('; ', $policies));
}
/**
* Méthodes à redéfinir (ou non) par héritage
* firstAction est la première méthode exécutée par le Dispatcher
* lastAction est la dernière
*/
public function init () { }
public function firstAction () { }
public function lastAction () { }
}