Server : LiteSpeed System : Linux premium84.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64 User : claqxcrl ( 523) PHP Version : 8.1.32 Disable Function : NONE Directory : /home/claqxcrl/anfangola.com/wp-content/plugins/matomo/app/core/View/ |
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\View;
use Piwik\Config;
/**
* Content Security Policy HTTP Header management class
*
*/
class SecurityPolicy
{
/*
* Commonly used rules
*/
const RULE_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval'";
const RULE_IMG_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval' data:";
const RULE_EMBEDDED_FRAME = "'self' 'unsafe-inline' 'unsafe-eval' data: https: http:";
/**
* The policies that will generate the CSP header.
* These are keyed by the directive.
*
* @var array
*/
private $policies = array();
private $cspEnabled;
private $reportOnly;
/**
* Constructor.
*/
public function __construct(Config $config)
{
$this->policies['default-src'] = self::RULE_DEFAULT;
$this->policies['img-src'] = self::RULE_IMG_DEFAULT;
$generalConfig = $config->General;
$this->cspEnabled = $generalConfig['csp_enabled'] ?? true;
$this->reportOnly = $generalConfig['csp_report_only'] ?? false;
}
/**
* Appends a policy to a directive.
*
* @api
*/
public function addPolicy($directive, $value)
{
if (isset($this->policies[$directive])) {
$this->policies[$directive] .= ' ' . $value;
} else {
$this->policies[$directive] = $value;
}
}
/**
* Removes a directive.
*
* @api
*/
public function removeDirective($directive)
{
if (isset($this->policies[$directive])) {
unset($this->policies[$directive]);
}
}
/**
* Overrides a directive.
*
* @api
*/
public function overridePolicy($directive, $value)
{
$this->policies[$directive] = $value;
}
/**
* Disable CSP
*
* @api
*/
public function disable()
{
$this->cspEnabled = false;
}
/**
* Creates the Header String that can be inserted in the Content-Security-Policy header.
*
* @return string
*/
public function createHeaderString()
{
if (!$this->cspEnabled) {
return '';
}
if ($this->reportOnly) {
$headerString = 'Content-Security-Policy-Report-Only: ';
} else {
$headerString = 'Content-Security-Policy: ';
}
foreach ($this->policies as $directive => $values) {
$headerString .= $directive . ' ' . $values . '; ';
}
return $headerString;
}
/**
* A less restrictive CSP which will allow embedding other sites with iframes
* (useful for heatmaps and session recordings)
*
* @api
*/
public function allowEmbedPage()
{
$this->overridePolicy('default-src', self::RULE_EMBEDDED_FRAME);
$this->overridePolicy('img-src', self::RULE_EMBEDDED_FRAME);
$this->addPolicy('script-src', self::RULE_DEFAULT);
}
}