Diffstat (limited to 'lib/Minz/ActionController.php')
-rw-r--r--lib/Minz/ActionController.php24
1 files changed, 21 insertions, 3 deletions
diff --git a/lib/Minz/ActionController.php b/lib/Minz/ActionController.php
index 1d29d4c20..08ef2a051 100644
--- a/lib/Minz/ActionController.php
+++ b/lib/Minz/ActionController.php
@@ -8,15 +8,22 @@
* The Minz_ActionController class is a controller in the MVC paradigm
*/
class Minz_ActionController {
- protected $view;
- private $csp_policies = array(
+
+ /** @var array<string,string> */
+ private static $csp_default = [
'default-src' => "'self'",
- );
+ ];
+
+ /** @var array<string,string> */
+ private $csp_policies;
+
+ protected $view;
// Gives the possibility to override the default View type.
public static $viewType = 'Minz_View';
public function __construct () {
+ $this->csp_policies = self::$csp_default;
if (class_exists(self::$viewType)) {
$this->view = new self::$viewType();
} else {
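Review bot: The new `$csp_default` static is process-wide state, and the constructor copies it only once at `$this->csp_policies = self::$csp_default;`, so a default set after a controller has been built will not reach that instance. The docblock on the property gives only the type; a comment such as `// Baseline CSP copied into each controller at construction; set it via _defaultCsp() before any controller is instantiated.` would make the ordering requirement explicit. Because the property is `private static` and read through `self::`, subclasses appear to share the one baseline, which is worth stating as well. The constructor body continues past the end of this hunk.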
@@ -35,6 +42,17 @@ class Minz_ActionController {
}
/**
+ * Set default CSP policies.
+ * @param array<string,string> $policies An array where keys are directives and values are sources.
+ */
+ public static function _defaultCsp($policies) {
+ if (!isset($policies['default-src'])) {
+ Minz_Log::warning('Default CSP policy is not declared', ADMIN_LOG);
+ }
+ self::$csp_default = $policies;
+ }
+
+ /**
* Set CSP policies.
*
* A default-src directive should always be given.
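Review bot: `_defaultCsp()` logs a warning when `default-src` is missing but then stores the array anyway, so a caller's mistake silently removes the fallback directive from the baseline that every controller starts from. Without `default-src`, fetch directives that are not listed are left unrestricted by the browser, which is weaker than the `'self'` baseline this class had before. Consider keeping the safe fallback instead of only warning, e.g. `$policies += ['default-src' => "'self'"];` before the assignment, and declaring the parameter as `array $policies` so a non-array argument fails at the call site. How the header is assembled from these policies is outside this hunk, so the effect should be confirmed there.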