From f89819bd64bb5ada706f9b85abd6f7b600a95786 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 23 May 2022 14:03:19 +0200 Subject: Custom logo HTML (#4369) * Custom logo HTML Add option for custom HTML logo/title in the main Web UI view. Can potentially be different per user. #fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247 * logo_html in main config With new `./data/config.custom.php` to provide custom values before install * Docker documentation * whitespace * Auto relax CSP to allow images for HTML logo * Documentation --- lib/Minz/ActionController.php | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'lib/Minz/ActionController.php') diff --git a/lib/Minz/ActionController.php b/lib/Minz/ActionController.php index 1d29d4c20..08ef2a051 100644 --- a/lib/Minz/ActionController.php +++ b/lib/Minz/ActionController.php @@ -8,15 +8,22 @@ * The Minz_ActionController class is a controller in the MVC paradigm */ class Minz_ActionController { - protected $view; - private $csp_policies = array( + + /** @var array */ + private static $csp_default = [ 'default-src' => "'self'", - ); + ]; + + /** @var array */ + private $csp_policies; + + protected $view; // Gives the possibility to override the default View type. public static $viewType = 'Minz_View'; public function __construct () { + $this->csp_policies = self::$csp_default; if (class_exists(self::$viewType)) { $this->view = new self::$viewType(); } else { @@ -34,6 +41,17 @@ class Minz_ActionController { return $this->view; } + /** + * Set default CSP policies. + * @param array $policies An array where keys are directives and values are sources. + */ + public static function _defaultCsp($policies) { + if (!isset($policies['default-src'])) { + Minz_Log::warning('Default CSP policy is not declared', ADMIN_LOG); + } + self::$csp_default = $policies; + } + /** * Set CSP policies. * -- cgit v1.2.3