<?php
namespace BookStack\Http\Middleware;
use BookStack\Util\CspService;
use Closure;
use Illuminate\Http\Request;
class ApplyCspRules
{
    /**
     * Produces the per-request CSP nonce and writes the policy directives
     * onto responses.
     *
     * @var CspService
     */
    protected $cspService;

    public function __construct(CspService $cspService)
    {
        $this->cspService = $cspService;
    }

    /**
     * Handle an incoming request.
     *
     * Exposes the per-request CSP nonce to the view layer, relaxes the session
     * cookie's SameSite attribute when embedding in third-party iframes is
     * configured, then writes the CSP directives onto the outgoing response.
     *
     * @param Request $request
     * @param Closure $next
     *
     * @return mixed The response produced by the rest of the pipeline.
     */
    public function handle($request, Closure $next)
    {
        $this->prepareRequestContext();

        $outgoing = $next($request);

        return $this->applyCspDirectives($outgoing);
    }

    /**
     * Per-request setup that must run before the inner handlers render a view
     * or emit the session cookie.
     */
    private function prepareRequestContext(): void
    {
        // Shared before rendering so templates can read it; presumably they
        // attach it to inline scripts so the script-src directive applied on
        // the way out admits them — verify against the views.
        $nonce = $this->cspService->getNonce();
        view()->share('cspNonce', $nonce);

        // Being framed by another origin is a cross-site context, in which a
        // SameSite=Lax/Strict session cookie would not be sent at all.
        // NOTE(review): browsers only honour SameSite=None on cookies that
        // also carry the Secure attribute; nothing here sets session.secure,
        // so confirm it is enabled wherever iframe hosts are configured.
        if (!$this->cspService->allowedIFrameHostsConfigured()) {
            return;
        }

        config()->set('session.same_site', 'none');
    }

    /**
     * Writes each CSP directive onto the finished response and hands it back.
     *
     * @param mixed $response Whatever the inner pipeline returned.
     *
     * @return mixed The same value, after the service has applied its headers.
     */
    private function applyCspDirectives($response)
    {
        // Call order kept as-is; each setter is assumed to contribute its own
        // directive to the policy header — confirm in CspService if reordering.
        $this->cspService->setFrameAncestors($response);
        $this->cspService->setScriptSrc($response);
        $this->cspService->setObjectSrc($response);
        $this->cspService->setBaseUri($response);

        return $response;
    }
}