app/Controller/Headers.php
Function loadCsp has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
Open
public function loadCsp()
{
if (\Config\Security::$generallyAllowedDomains) {
$this->csp['default-src'] .= ' ' . implode(' ', \Config\Security::$generallyAllowedDomains);
}- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Function __construct has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
Open
public function __construct()
{
$browser = \App\RequestUtil::getBrowserInfo();
$this->headers['Expires'] = gmdate('D, d M Y H:i:s') . ' GMT';
$this->headers['Last-Modified'] = gmdate('D, d M Y H:i:s') . ' GMT';- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
The method loadCsp() has an NPath complexity of 256. The configured NPath complexity threshold is 200. Open
Open
public function loadCsp()
{
if (\Config\Security::$generallyAllowedDomains) {
$this->csp['default-src'] .= ' ' . implode(' ', \Config\Security::$generallyAllowedDomains);
}- Read upRead up
- Exclude checks
NPathComplexity
Since: 0.1
The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.
Example
class Foo {
function bar() {
// lots of complicated code
}
}Source https://phpmd.org/rules/codesize.html#npathcomplexity
Avoid using static access to class '\App\Config' in method 'getHeaders'. Open
Open
if (\App\Config::security('cspHeaderActive')) {- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class '\App\RequestUtil' in method '__construct'. Open
Open
$browser = \App\RequestUtil::getBrowserInfo();- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class '\App\Session' in method 'generateCspToken'. Open
Open
\App\Session::set('CSP_TOKEN', hash('sha256', \App\Encryption::generatePassword(10)));- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class '\App\Config' in method '__construct'. Open
Open
if ($keys = \App\Config::security('hpkpKeysHeader')) {- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class '\App\Encryption' in method 'generateCspToken'. Open
Open
\App\Session::set('CSP_TOKEN', hash('sha256', \App\Encryption::generatePassword(10)));- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid assigning values to variables in if clauses and the like (line '96', column '7'). Open
Open
public function __construct()
{
$browser = \App\RequestUtil::getBrowserInfo();
$this->headers['Expires'] = gmdate('D, d M Y H:i:s') . ' GMT';
$this->headers['Last-Modified'] = gmdate('D, d M Y H:i:s') . ' GMT';- Read upRead up
- Exclude checks
IfStatementAssignment
Since: 2.7.0
Assignments in if clauses and the like are considered a code smell. Assignments in PHP return the right operand as their result. In many cases, this is an expected behavior, but can lead to many difficult to spot bugs, especially when the right operand could result in zero, null or an empty string and the like.
Example
class Foo
{
public function bar($flag)
{
if ($foo = 'bar') { // possible typo
// ...
}
if ($baz = 0) { // always false
// ...
}
}
}Source http://phpmd.org/rules/cleancode.html#ifstatementassignment
Avoid using static access to class '\App\Config' in method '__construct'. Open
Open
if (\App\Config::security('cspHeaderActive')) {- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Define a constant instead of duplicating this literal "img-src" 3 times. Open
Open
'img-src' => '\'self\' data:',- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() {
prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times
execute('action1');
release('action1');
}
Compliant Solution
ACTION_1 = 'action1';
function run() {
prepare(ACTION_1);
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "\'self\'" 3 times. Open
Open
'form-action' => '\'self\'',- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() {
prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times
execute('action1');
release('action1');
}
Compliant Solution
ACTION_1 = 'action1';
function run() {
prepare(ACTION_1);
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Call to method generatePassword from undeclared class \App\Encryption (Did you mean class \Tests\App\Encryption) Open
Open
\App\Session::set('CSP_TOKEN', hash('sha256', \App\Encryption::generatePassword(10)));- Exclude checks
Return type of getInstance() is undeclared type \self Open
Open
public static function getInstance()- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'style-src' => '\'self\' \'unsafe-inline\'',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return void- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/** @todo remove one addres */- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'frame-src' => '\'self\' mailto: tel:',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Access-Control-Allow-Methods' => 'GET, POST',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Pragma' => 'no-cache',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->loadCsp();- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @param string $key- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (headers_sent()) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
header_remove($name);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'form-action' => '\'self\'',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Headers instance..- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @var string[]- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'frame-ancestors' => '\'self\'',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Referrer-Policy' => 'no-referrer',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'X-Xss-Protection' => '1; mode=block',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public static $instance;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Default header values.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'X-Content-Type-Options' => 'nosniff',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Set header.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
foreach ($this->headersToDelete as $name) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Headers to delete.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$browser = \App\RequestUtil::getBrowserInfo();- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
return;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'img-src' => '\'self\' data:',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'connect-src' => '\'self\'',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'X-Robots-Tag' => 'none',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Construct, loads default headers depending on the browser and environment.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\App\Config::security('cspHeaderActive')) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if ($keys = \App\Config::security('hpkpKeysHeader')) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Public-Key-Pins'] = 'pin-sha256="' . implode('"; pin-sha256="', $keys) . '"; max-age=10000;';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'X-Frame-Options' => 'sameorigin',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Expires'] = gmdate('D, d M Y H:i:s') . ' GMT';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['X-Ua-Compatible'] = 'IE=11,edge';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if ($browser->https) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$generallyAllowedDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Default CSP header values.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Content-Type' => 'text/html; charset=UTF-8',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'X-Permitted-Cross-Domain-Policies' => 'none',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @var string[]- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
return self::$instance = new self();- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
header($value);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$return = [];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'default-src' => '\'self\' blob:',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function setHeader(string $key, string $value)- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
return $return;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$return[] = "$name: $value";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function loadCsp()- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/** Default CSP img-src */- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @var self- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Expect-Ct' => 'enforce; max-age=3600',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Cache-Control'] = 'private, must-revalidate';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return void- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
private const CSP_IMG = ['https://api.yetiforce.eu'];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @var string[]- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
protected $headers = [- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Expires' => '-',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Get headers instance.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\App\Config::security('cspHeaderActive')) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Generate Content Security Policy token.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
\App\Session::set('CSP_TOKEN', hash('sha256', \App\Encryption::generatePassword(10)));- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Pragma'] = 'private';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
return self::$instance;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['frame-ancestors'] .= ' ' . implode(' ', \Config\Security::$allowedFrameDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Get CSP headers string.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['img-src'] .= ' ' . implode(' ', \Config\Security::$allowedImageDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$scp = '';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$scp .= "$key $value; ";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return void- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return string[]- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedFormDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public $csp = [- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'script-src' => '\'self\' \'unsafe-inline\' blob:',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Access-Control-Allow-Origin' => '*',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function __construct()- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Last-Modified'] = gmdate('D, d M Y H:i:s') . ' GMT';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains; preload';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return \self- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public static function getInstance()- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
foreach ($this->getHeaders() as $value) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['default-src'] .= ' ' . implode(' ', \Config\Security::$generallyAllowedDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
protected $headersToDelete = ['X-Powered-By', 'Server'];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function getCspHeader(): string- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function send()- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public static function generateCspToken(): void- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Load CSP directive.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (self::CSP_IMG) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['script-src'] .= ' ' . implode(' ', \Config\Security::$allowedScriptDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['form-action'] .= ' ' . implode(' ', \Config\Security::$allowedFormDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedFrameDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedConnectDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'font-src' => '\'self\' data:',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if ($browser->ie) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (isset(self::$instance)) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedScriptDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
foreach ($this->csp as $key => $value) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
return $scp;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if ($browser->https) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers[$key] = $value;- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Get headers string.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['connect-src'] .= ' ' . implode(' ', \Config\Security::$allowedConnectDomains);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedDomainsLoadInFrame) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['frame-src'] .= ' ' . implode(' ', \Config\Security::$allowedDomainsLoadInFrame);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Last-Modified' => '-',- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
'Cache-Control' => 'private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0',- Exclude checks
Line exceeds 120 characters; contains 121 characters Open
Open
$this->headers['Public-Key-Pins'] = 'pin-sha256="' . implode('"; pin-sha256="', $keys) . '"; max-age=10000;';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @param string $value- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* Send headers.- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
/**- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->csp['img-src'] .= ' ' . implode(' ', self::CSP_IMG);- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
if (\Config\Security::$allowedImageDomains) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
* @return string- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
public function getHeaders(): array- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$this->headers['Content-Security-Policy'] = $this->getCspHeader();- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
foreach ($this->headers as $name => $value) {- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
*/- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
}- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
{- Exclude checks