| -rw-r--r-- | docs/en/developers/03_Backend/05_Extensions.md | 13 | ||||
| -rw-r--r-- | lib/Minz/ActionController.php | 3 | ||||
| -rw-r--r-- | lib/Minz/Extension.php | 16 |
3 files changed, 32 insertions, 0 deletions
diff --git a/docs/en/developers/03_Backend/05_Extensions.md b/docs/en/developers/03_Backend/05_Extensions.md
index 644420440..770ea29cc 100644
--- a/docs/en/developers/03_Backend/05_Extensions.md
+++ b/docs/en/developers/03_Backend/05_Extensions.md
@@ -164,6 +164,19 @@ The following events are available:
 * `post_update` (`function(none) -> none`): **TODO** add documentation.
 * `simplepie_before_init` (`function($simplePie, $feed) -> none`): **TODO** add documentation.
 
+### Injecting CDN content
+
+When using the `init` method, it is possible to inject scripts from CDN using the `Minz_View::appendScript` directive.
+FreshRSS will include the script in the page but will not load it since it will be blocked by the default content security policy (**CSP**).
+To amend the existing CSP, you need to define the extension CSP policies:
+```php
+// in the extension.php file
+protected array $csp_policies = [
+ 'default-src' => 'example.org',
+];
+```
+This will only amend the extension CSP to FreshRSS CSP.
+
 ### Writing your own configure.phtml
 
 When you want to support user configurations for your extension or simply display some information, you have to create the `configure.phtml` file.
diff --git a/lib/Minz/ActionController.php b/lib/Minz/ActionController.php
index 809a52337..12f14b0f4 100644
--- a/lib/Minz/ActionController.php
+++ b/lib/Minz/ActionController.php
@@ -99,6 +99,9 @@ abstract class Minz_ActionController {
 */
 public function declareCspHeader(): void {
 $policies = [];
+ foreach (Minz_ExtensionManager::listExtensions(true) as $extension) {
+ $extension->amendCsp($this->csp_policies);
+ }
 foreach ($this->csp_policies as $directive => $sources) {
 $policies[] = $directive . ' ' . $sources;
 }
diff --git a/lib/Minz/Extension.php b/lib/Minz/Extension.php
index 206892bf9..15fae77a6 100644
--- a/lib/Minz/Extension.php
+++ b/lib/Minz/Extension.php
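Review bot: In `declareCspHeader()`, `amendCsp($this->csp_policies)` receives the controller's property by reference, so extension sources are written into the base policy itself and a second call to this method on the same controller would append them again. Amending a local copy avoids both: `$csp = $this->csp_policies;`, then `$extension->amendCsp($csp);` and `foreach ($csp as $directive => $sources) {`. The loop also applies every extension returned by `listExtensions(true)` to the header of whatever page this controller serves, so a single extension declaring `default-src` relaxes the policy for the whole application rather than for its own views; the docblock above the method should say so. The method body continues past the end of the hunk.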
@@ -26,6 +26,9 @@ abstract class Minz_Extension {
 
 private bool $is_enabled;
 
+ /** @var string[] */
+ protected array $csp_policies = [];
+
 /**
 * The constructor to assign specific information to the extension.
 *
@@ -390,4 +393,17 @@ abstract class Minz_Extension {
 unlink($path);
 }
 }
+
+ /**
+ * @param string[] $policies
+ */
+ public function amendCsp(array &$policies): void {
+ foreach ($this->csp_policies as $policy => $source) {
+ if (array_key_exists($policy, $policies)) {
+ $policies[$policy] .= ' ' . $source;
+ } else {
+ $policies[$policy] = $source;
+ }
+ }
+ }
 }
|
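Review bot: `amendCsp()` concatenates `$source` into the directive value with no check, so a value containing `;` would open a new directive in the emitted header, and broad sources such as `*` or `'unsafe-inline'` pass through unchanged. Because the stated purpose is to allow a CDN host, the loop could skip entries that are not plain source expressions, for example `if (preg_match('/[;,\s]/', $source) === 1) { continue; }` when one host per directive is expected. The `else` branch needs a comment as well: creating a directive the base policy did not define (say `script-src`) switches off the `default-src` fallback for that resource type, so the extension's value becomes the entire allow-list there. The docblock has no description; it should state that `$policies` is modified in place and type it as `array<string,string>` (directive name to source list).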
