diff --git a/basics/dispatching.md b/basics/dispatching.md
index 34a36e2..7990628 100644
--- a/basics/dispatching.md
+++ b/basics/dispatching.md
@@ -41,11 +41,11 @@ $dispatcher->dispatch(function($para1, $para2) { ... }, $staticToCallPara1, $sta
 The dispatcher accepts the results from the `route()` method of the router which is an array of routes.
 ```php
-$dispatcher->dispatch($router->route($request->getUri()->getRoute()));
+$dispatcher->dispatch($router->route($request->uri->getRoute()));
 ```
 Based on the function definition returned by the router it's possible to pass more parameters to the function such e.g. request and response objects.
 ```php
-$dispatcher->dispatch($router->route($request->getUri()->getRoute()), $request, $response);
+$dispatcher->dispatch($router->route($request->uri->getRoute()), $request, $response);
 ```
diff --git a/datastorage/cache.md b/datastorage/cache.md
index 2a154f2..ab01c3e 100644
--- a/datastorage/cache.md
+++ b/datastorage/cache.md
@@ -17,5 +17,5 @@ In order to trigger a re-cache of stylesheets or javascript files make sure to u
 Example usage:
 ```php
-$head->addAsset(AssetType::JS, $request->getUri()->getBase() . 'Modules/Media/Controller.js?v=' . self::MODULE_VERSION);
+$head->addAsset(AssetType::JS, $request->uri->getBase() . 'Modules/Media/Controller.js?v=' . self::MODULE_VERSION);
 ```
\ No newline at end of file
diff --git a/example_app/app.md b/example_app/app.md
index 39f866a..6bea8f1 100644
--- a/example_app/app.md
+++ b/example_app/app.md
@@ -78,7 +78,7 @@ class Application extends ApplicationAbstract
 /* get data from url endpoints defined by the routes */
 $dispatch = $this->dispatcher->dispatch(
 $this->router->route(
- $request->getUri()->getRoute(),
+ $request->uri->getRoute(),
 $request->getData('CSRF'), // optional: only required if csrf tokens are used otherwise use null
 $request->getRouteVerb() // e.g. get, post, put ...
 ),
@@ -91,7 +91,7 @@ class Application extends ApplicationAbstract
 $pageView->addData('dispatch', $dispatch);
 // push the headers (no changes to the header are possible afterwards)
- $response->getHeader()->push();
+ $response->header->push();
 // renders the content of the response object (depends on the content type, text/html, json, ...)
 return $response->getBody();
@@ -107,10 +107,10 @@ class Application extends ApplicationAbstract
 $request->createRequestHashs(0);
 // if your application is located in a web-subfolder for easier handling
- $request->getUri()->setRootPath('/');
+ $request->uri->setRootPath('/');
 // this will allow you to create urls based on request data
- UriFactory::setupUriBuilder($request->getUri());
+ UriFactory::setupUriBuilder($request->uri);
 return $request;
 }
@@ -121,9 +121,9 @@ class Application extends ApplicationAbstract
 $response = new HttpResponse();
 // you could use the request content-type in order to define the response content-type
- $response->getHeader()->set('content-type', 'text/html; charset=utf-8');
+ $response->header->set('content-type', 'text/html; charset=utf-8');
- $response->getHeader()->set('x-xss-protection', '1; mode=block');
+ $response->header->set('x-xss-protection', '1; mode=block');
 // more CSP can be defined here
 return $response;
diff --git a/security/security_guidelines.md b/security/security_guidelines.md
index e2bd528..e259f95 100644
--- a/security/security_guidelines.md
+++ b/security/security_guidelines.md
@@ -23,7 +23,7 @@ if($request->getData('CSRF') === null) {
 $response->setStatusCode(RequestStatus::R_403);
 /* optional */
- $response->set($request->getUri()->__toString(), new Notify('Unknown referrer!', NotifyType::INFO));
+ $response->set($request->uri->__toString(), new Notify('Unknown referrer!', NotifyType::INFO));
 return;
 }
@@ -56,13 +56,13 @@ Scripts and frames must be provided by the own server or google. This is importa
 The default CSP looks like the following:
 ```php
-$response->getHeader()->set('content-security-policy', 'script-src \'self\'; frame-src \'self\'', true);
+$response->header->set('content-security-policy', 'script-src \'self\'; frame-src \'self\'', true);
 ```
 In order to whitelist inline javascript you can use the following logic. This however requires you to know the inline script beforehand `$script`. After setting the CSP header they automatically get locked so that further changes are not possible. This is a security measure in order to prevent any malicious adjustments.
 ```php
-$response->getHeader()->set('content-security-policy', 'script-src \'self\' \'sha256-' . base64_encode(hash('sha256', $script, true)) . '\'; frame-src \'self\'', true);
+$response->header->set('content-security-policy', 'script-src \'self\' \'sha256-' . base64_encode(hash('sha256', $script, true)) . '\'; frame-src \'self\'', true);
 ```
 ### X-XSS-Protection
@@ -70,7 +70,7 @@ $response->getHeader()->set('content-security-policy', 'script-src \'self\' \'sh
 This header tells the client browser to use local xss protection if available.
 ```php
-$response->getHeader()->set('x-xss-protection', '1; mode=block');
+$response->header->set('x-xss-protection', '1; mode=block');
 ```
 ### X-Content-Type-Options
@@ -78,7 +78,7 @@ $response->getHeader()->set('x-xss-protection', '1; mode=block');
 By using this header browsers which support this feature will ignore the content/mime and recognize the file by the provided header only.
 ```php
-$response->getHeader()->set('x-content-type-options', 'nosniff');
+$response->header->set('x-content-type-options', 'nosniff');
 ```
 ### X-Frame-Options
@@ -86,7 +86,7 @@ $response->getHeader()->set('x-content-type-options', 'nosniff');
 The x-frame-options is providing the same protection for frames as the content-security-policy header. Please only use this header in addition to the content-security-policy if you have to but make sure the rules don't contradict with the content-security-policy.
 ```php
-$response->getHeader()->set('x-frame-options', 'SAMEORIGIN');
+$response->header->set('x-frame-options', 'SAMEORIGIN');
 ```
 ## Superglobals