<?php namespace ProcessWire;
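/**
 * Markup Content Security Policy Configuration
 *
 * Builds the admin configuration form for the MarkupContentSecurityPolicy
 * module: a deploy toggle, one input per CSP directive, violation reporting
 * options (with false-positive filters) and a debug switch.
 *
 */
class MarkupContentSecurityPolicyConfig extends ModuleConfig {

	/**
	 * Returns default values for module variables
	 *
	 * Only `deploy` carries an explicit default (off); per the field notes the
	 * policy is then applied to the superuser account only, so it has to be
	 * switched on deliberately before it protects regular visitors.
	 *
	 * @return array
	 *
	 */
	public function getDefaults() {
		return [
			'deploy' => 0,
		];
	}

	/**
	 * Returns inputs for module configuration
	 *
	 * @return InputfieldWrapper
	 *
	 */
	public function getInputfields() {

		$modules = $this->wire('modules');
		$inputfields = parent::getInputfields();

		// The module being configured is this class name minus its 'Config' suffix
		$csp = $modules->get(str_replace('Config', '', $this->className));
		$textCsp = $this->_('Content Security Policy');

		// Deploy
		$inputfields->add([
			'type' => 'radios',
			'name' => 'deploy',
			'label' => $this->_('Deploy Policy?'),
			'options' => [
				1 => $this->_('Yes'),
				0 => $this->_('No'),
			],
			'notes' => sprintf($this->_('When not deployed, or debug mode is enabled, the %s will only be implemented for the superuser account.'), $textCsp),
			'icon' => 'toggle-on',
			'optionColumns' => 1,
		]);

		// Directives
		$inputfields->add($this->buildDirectivesFieldset($csp, $textCsp));

		// Violation Reporting
		$inputfields->add($this->buildReportingFieldset($csp, $textCsp));

		// Debug Mode
		$inputfields->add([
			'type' => 'checkbox',
			'name' => 'debug',
			'label' => $this->_('Debug Mode'),
			'notes' => sprintf(
				$this->_('When enabled, error messages and other useful information will be logged to %s.'),
				'**' . $this->wire('sanitizer')->kebabCase($csp->className) . '**'
			),
			'icon' => 'search-plus',
			'collapsed' => 2,
		]);

		return $inputfields;
	}

	/**
	 * Builds the fieldset with one text input per CSP directive
	 *
	 * Directives that already hold a value are listed before the empty ones so
	 * the active part of the policy is visible at a glance. A free-form
	 * textarea for any directive not in `$csp::directives` is appended last.
	 *
	 * @param Module $csp The MarkupContentSecurityPolicy module being configured
	 * @param string $textCsp Translated 'Content Security Policy' label
	 * @return InputfieldFieldset
	 *
	 */
	private function buildDirectivesFieldset($csp, $textCsp) {

		$modules = $this->wire('modules');
		$urlInfo = 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy';

		$fieldset = $modules->get('InputfieldFieldset');
		$fieldset->label = $this->_('Directives');
		$fieldset->description = sprintf($this->_('For more information on %1$s directives, please visit %2$s.'), $textCsp, "[$urlInfo]($urlInfo)");
		$fieldset->icon = 'pencil';

		// Placeholders are display hints only; nothing is saved from them.
		// Note that 'unsafe-inline' (style-src) and data: (img-src, media-src)
		// loosen the policy for that directive, so treat these as a starting
		// point to be tightened rather than a recommended configuration.
		$placeholders = [
			'default-src' => "'none'",
			'script-src' => "'self' https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com",
			'style-src' => "'self' 'unsafe-inline' https://cdnjs.cloudflare.com",
			'img-src' => "'self' data: https://www.google-analytics.com",
			'connect-src' => "'self' https://www.google-analytics.com",
			'media-src' => "'self' data:",
			'frame-src' => "'self' https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com",
		];

		$configured = [];
		$unconfigured = [];
		foreach($csp::directives as $name) {
			$key = $csp->getDirectiveKey($name);
			$field = [
				'type' => 'text',
				'name' => $key,
				'label' => $name,
				'placeholder' => (isset($placeholders[$name]) ? $placeholders[$name] : "'self'"),
				'collapsed' => 2,
			];
			// Truthiness (not numeric value) decides the group, as a directive
			// value is a source list string such as "'self'"
			if($csp->get($key)) {
				$configured[] = $field;
			} else {
				$unconfigured[] = $field;
			}
		}
		if(count($configured)) $fieldset->import($configured);
		if(count($unconfigured)) $fieldset->import($unconfigured);

		$fieldset->add([
			'type' => 'textarea',
			'name' => 'directivesOther',
			'label' => $this->_('Any other directives'),
			'description' => sprintf($this->_('If you wish to use any other available %s directives, you may add them here.'), $textCsp),
			'notes' => $this->_('Please enter each directive on a new line.'),
			'rows' => 3,
			'collapsed' => 2,
		]);

		return $fieldset;
	}

	/**
	 * Builds the violation reporting fieldset
	 *
	 * Holds the enable checkbox, the list of report parameters to drop, the
	 * endpoint the report is posted to, and the nested false-positive filters.
	 * All but the enable checkbox are shown only when reporting is enabled.
	 *
	 * @param Module $csp The MarkupContentSecurityPolicy module being configured
	 * @param string $textCsp Translated 'Content Security Policy' label
	 * @return InputfieldFieldset
	 *
	 */
	private function buildReportingFieldset($csp, $textCsp) {

		$fieldset = $this->wire('modules')->get('InputfieldFieldset');
		$fieldset->label = $this->_('Violation Reporting');
		$fieldset->icon = 'file-text-o';
		$fieldset->collapsed = 2;

		$fieldset->add([
			'type' => 'checkbox',
			'name' => 'report',
			'label' => $this->_('Enable'),
			'notes' => sprintf($this->_('When enabled, %1$s will be inserted after the %2$s %3$s tag.'), '`report-uri.js`', $textCsp, '`<meta>`'),
			'icon' => 'square-o',
		]);

		$fieldset->add([
			'type' => 'text',
			'name' => 'reportExclude',
			'label' => $this->_('Exclude Parameters'),
			'description' => $this->_('If you wish to exclude any parameters from the report, please specify them here.'),
			'placeholder' => 'e.g. originalPolicy,disposition',
			'notes' => $this->_('Please enter a comma delimited list.'),
			'showIf' => 'report=1',
			'collapsed' => 2,
		]);

		// InputfieldURL validates the value, so only a well-formed URL is saved
		// as the destination the report is posted to
		$fieldset->add([
			'type' => 'URL',
			'name' => 'reportEndpoint',
			'label' => $this->_('Endpoint'),
			'description' => $this->_('If a valid URL is entered, the report will be posted to it.'),
			'placeholder' => 'https://www.yourdomain.com/your-endpoint',
			'showIf' => 'report=1',
			'collapsed' => 2,
		]);

		$fieldset->add($this->buildReportFiltersFieldset($csp));

		return $fieldset;
	}

	/**
	 * Builds the nested fieldset of false-positive filters
	 *
	 * One checkboxes input per report parameter in `$csp->reportFilters`,
	 * named `reportFilters<Param>`; a report matching the parameter and an
	 * enabled value filter is not logged (per the fieldset notes).
	 *
	 * @param Module $csp The MarkupContentSecurityPolicy module being configured
	 * @return InputfieldFieldset
	 *
	 */
	private function buildReportFiltersFieldset($csp) {

		$fieldsetFilters = $this->wire('modules')->get('InputfieldFieldset');
		$fieldsetFilters->label = $this->_('Filter False Positives');
		$fieldsetFilters->description = $this->_('If you want to use any of the filters below please select them.');
		$fieldsetFilters->notes = $this->_('Any reports that match the parameter and an enabled value filter will not be logged.');
		$fieldsetFilters->showIf = 'report=1';
		$fieldsetFilters->collapsed = 2;

		foreach($csp->reportFilters as $param => $filters) {
			$fieldsetFilters->add([
				'type' => 'checkboxes',
				'name' => 'reportFilters' . ucfirst($param),
				'label' => $param,
				'options' => $filters,
				'optionColumns' => 3,
			]);
		}

		return $fieldsetFilters;
	}
}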