]> BookStack Code Mirror - bookstack/blob - app/Http/Middleware/ApplyCspRules.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added test for logical-theme-system command registration
[bookstack] / app / Http / Middleware / ApplyCspRules.php
1 <?php
2
3 namespace BookStack\Http\Middleware;
4
5 use BookStack\Util\CspService;
6 use Closure;
7 use Illuminate\Http\Request;
8
9 class ApplyCspRules
10 {
11     /**
12      * @var CspService
13      */
14     protected $cspService;
15
16     public function __construct(CspService $cspService)
17     {
18         $this->cspService = $cspService;
19     }
20
21     /**
22      * Handle an incoming request.
23      *
24      * @param Request $request
25      * @param Closure $next
26      *
27      * @return mixed
28      */
29     public function handle($request, Closure $next)
30     {
31         view()->share('cspNonce', $this->cspService->getNonce());
32         if ($this->cspService->allowedIFrameHostsConfigured()) {
33             config()->set('session.same_site', 'none');
34         }
35
36         $response = $next($request);
37
38         $this->cspService->setFrameAncestors($response);
39         $this->cspService->setScriptSrc($response);
40         $this->cspService->setObjectSrc($response);
41         $this->cspService->setBaseUri($response);
42
43         return $response;
44     }
45 }
The core source code for the BookStack project.