Add missing directives in CSP #175

MadCat34 · 2019-04-06T00:21:28Z

Provide a narrative description of what you are trying to accomplish:

Some directives are missing in Fetch directive

child-src
manifest-src
worker-src
prefetch-src
script-src-elem
script-src-attr
style-src-elem
style-src-attr

And some Navigation, Document and Reporting directives are missing.

base-uri
plugin-types
form-action
frame-ancestors
navigate-to
report-to

Code to reproduce the issue

$csp = new ContentSecurityPolicy();
$csp->setDirective('worker-src', ['https://*.google.com', 'http://foo.com']);
$csp->toString();

Actual result

Throw a Exception\InvalidArgumentException

New result

toString() should return "Content-Security-Policy: worker-src https://*.google.com http://foo.com;"

This PR fixes #163

test/Header/ContentSecurityPolicyTest.php

Close #175 Fix #163

michalbundyra · 2019-12-02T20:43:52Z

Thanks, @MadCat34!

MadCat34 · 2019-12-02T21:37:59Z

Thanks, @michalbundyra

Ocramius suggested changes Apr 6, 2019

View reviewed changes

test/Header/ContentSecurityPolicyTest.php Outdated Show resolved Hide resolved

weierophinney assigned Xerkus Apr 30, 2019

michalbundyra added this to the 2.10.1 milestone Aug 22, 2019

michalbundyra added the bug label Aug 22, 2019

michalbundyra modified the milestones: 2.10.1, 2.11.0 Sep 26, 2019

michalbundyra added the enhancement label Sep 26, 2019

michalbundyra removed the bug label Dec 2, 2019

michalbundyra unassigned Xerkus Dec 2, 2019

MadCat34 and others added 3 commits December 2, 2019 19:35

Add missing directives in CSP

27b0c2a

CSP header - group valid directive names

67a8b30

Change variable name in test

54ba0a9

michalbundyra changed the base branch from master to develop December 2, 2019 20:34

michalbundyra added 4 commits December 2, 2019 20:35

Rename data provider

6508f47

Array formatting fix - each element in separate line

8155ce4

Adds test to check valid directives also on parsing header from string

58688ee

Move test below data provider

0ec168c

michalbundyra approved these changes Dec 2, 2019

View reviewed changes

michalbundyra added a commit that referenced this pull request Dec 2, 2019

Adds CHANGELOG entry for #175

5802ba9

michalbundyra added a commit that referenced this pull request Dec 2, 2019

Merge branch 'feature/175' into develop

9476ebd

Close #175 Fix #163

michalbundyra merged commit 0ec168c into zendframework:develop Dec 2, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add missing directives in CSP #175

Add missing directives in CSP #175

MadCat34 commented Apr 6, 2019 •

edited

Loading

michalbundyra commented Dec 2, 2019

MadCat34 commented Dec 2, 2019

Add missing directives in CSP #175

Add missing directives in CSP #175

Conversation

MadCat34 commented Apr 6, 2019 • edited Loading

Code to reproduce the issue

Actual result

New result

michalbundyra commented Dec 2, 2019

MadCat34 commented Dec 2, 2019

MadCat34 commented Apr 6, 2019 •

edited

Loading