Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-01-11 17:58:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Pull out security header check

Browse Source
This commit is contained in:
Dennis Eichhorn 2016-07-15 21:19:27 +02:00
parent 2b63386f9f
commit f176329d6c
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Message/Http/Header.php
View File

@ -114,6 +114,26 @@ class Header extends HeaderAbstract
return array_key_exists($key, $this->header);
}
/**
* Is security header.
*
* @param string $key Header key
*
* @return bool
*
* @throws \Exception
*
* @since 1.0.0
* @author Dennis Eichhorn <d.eichhorn@oms.com>
*/
private function isSecurityHeader(string $key) : bool
{
return $key === 'content-security-policy' ||
$key === 'x-xss-protection' ||
$key === 'x-content-type-options' ||
$key === 'x-frame-options';
}
/**
* {@inheritdoc}
*/
@ -128,10 +148,7 @@ class Header extends HeaderAbstract
if (!$overwrite && isset($this->header[$key])) {
return false;
} elseif ($overwrite && isset($this->header[$key])) {
if($key === 'content-security-policy' ||
$key === 'x-xss-protection' ||
$key === 'x-content-type-options' ||
$key === 'x-frame-options') {
if ($this->isSecurityHeader($key)) {
throw new \Exception('Cannot change security headers.');
}
@ -202,7 +219,8 @@ class Header extends HeaderAbstract
* @since 1.0.0
* @author Dennis Eichhorn <d.eichhorn@oms.com>
*/
public static function getStatusCode() : int {
public static function getStatusCode() : int
{
return http_response_code();
}