Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-02-08 21:28:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Pull out security header check

Browse Source
This commit is contained in:
Dennis Eichhorn 2016-07-15 21:19:27 +02:00
parent 2b63386f9f
commit f176329d6c
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Message/Http/Header.php
View File

@ -114,6 +114,26 @@ class Header extends HeaderAbstract
return array_key_exists($key, $this->header); return array_key_exists($key, $this->header);
} }
/**
* Is security header.
*
* @param string $key Header key
*
* @return bool
*
* @throws \Exception
*
* @since 1.0.0
* @author Dennis Eichhorn <d.eichhorn@oms.com>
*/
private function isSecurityHeader(string $key) : bool
{
return $key === 'content-security-policy' ||
$key === 'x-xss-protection' ||
$key === 'x-content-type-options' ||
$key === 'x-frame-options';
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
@ -128,10 +148,7 @@ class Header extends HeaderAbstract
if (!$overwrite && isset($this->header[$key])) { if (!$overwrite && isset($this->header[$key])) {
return false; return false;
} elseif ($overwrite && isset($this->header[$key])) { } elseif ($overwrite && isset($this->header[$key])) {
if($key === 'content-security-policy' || if ($this->isSecurityHeader($key)) {
$key === 'x-xss-protection' ||
$key === 'x-content-type-options' ||
$key === 'x-frame-options') {
throw new \Exception('Cannot change security headers.'); throw new \Exception('Cannot change security headers.');
} }
@ -202,7 +219,8 @@ class Header extends HeaderAbstract
* @since 1.0.0 * @since 1.0.0
* @author Dennis Eichhorn <d.eichhorn@oms.com> * @author Dennis Eichhorn <d.eichhorn@oms.com>
*/ */
public static function getStatusCode() : int { public static function getStatusCode() : int
{
return http_response_code(); return http_response_code();
} }