Transform paragonie/csp-builder to bepsvpt/csp-builder
bepsvpt committed Jul 25, 2017
1 parent 3d2d82b commit 4ce4f14
Showing 4 changed files with 109 additions and 87 deletions.
8 changes: 4 additions & 4 deletions composer.json
@@ -12,14 +12,14 @@
],
"require": {
"php": "^7.0",
"bepsvpt/csp-builder": "1.0.*",
"illuminate/support": "^5.1",
"paragonie/csp-builder": "^2.0",
"paragonie/hpkp-builder": "^0.1"
},
"require-dev": {
"codeclimate/php-test-reporter": "^0.4",
"orchestra/testbench": "^3.4",
"phpunit/phpunit": "^5.7"
"codeclimate/php-test-reporter": "0.4.*",
"orchestra/testbench": "3.4.*",
"phpunit/phpunit": "5.7.*"
},
"autoload": {
"psr-4": {
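Review bot: The new `"bepsvpt/csp-builder": "1.0.*"` requirement replaces paragonie/csp-builder as the package that builds the Content-Security-Policy header, and the commit records neither why nor how the two packages differ. Judging by the commit title and the unchanged `CSPBuilder` class name it looks like a fork, in which case fixes released upstream no longer arrive through `composer update` and have to be ported by hand. A short README or changelog entry naming the divergence and the intended way back to upstream would make that maintenance duty visible to users of this package.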
160 changes: 81 additions & 79 deletions composer.lock


7 changes: 3 additions & 4 deletions src/SecureHeaders.php
@@ -3,7 +3,7 @@
namespace Bepsvpt\SecureHeaders;

use InvalidArgumentException;
use ParagonIE\CSPBuilder\CSPBuilder;
use Bepsvpt\CSPBuilder\CSPBuilder;
use ParagonIE\HPKPBuilder\HPKPBuilder;
use RuntimeException;

@@ -119,11 +119,10 @@ protected function csp()
$csp = new CSPBuilder($this->config['csp']);

if (! ($this->config['csp']['https-transform-on-https-connections'] ?? true)) {
/* @todo wait for upstream package releasing new version */
// $csp = $csp->disableHttpsTransformOnHttpsConnections();
$csp = $csp->disableHttpTransformOnHttpsConnection();
}

return $csp->getHeaderArray(false);
return $csp->getHeaderArray();
}

/**
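Review bot: The `return $csp->getHeaderArray();` line in csp() no longer passes an explicit `false`, so the set of headers returned now depends on the default of that parameter in bepsvpt/csp-builder, which this page does not show. In upstream paragonie/csp-builder the parameter is `$legacy` and, as far as I know, defaults to `true`, which adds the `X-Content-Security-Policy` and `X-Webkit-CSP` variants; if the replacement package keeps that default, responses gain headers the old call suppressed. Keep the argument explicit, `return $csp->getHeaderArray(false);`, or assert the complete header list in the test. The opt-out branch would also benefit from a comment such as `// keeps http:// sources as written on HTTPS requests; this loosens the policy, so disable the transform only for origins that cannot serve HTTPS`. csp() begins outside the hunk.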
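--- a/tests/SecureHeadersTest.php
+++ b/tests/SecureHeadersTest.php
@@ -92,4 +92,25 @@ public function test_hsts()
 'Strict-Transport-Security' => 'max-age=15552000; preload; includeSubDomains;',
 ], $headers, true);
 }
+
+public function test_disable_https_transform()
+{
+$_SERVER['HTTPS'] = 'on';
+
+$config = require $this->configPath;
+
+$config['csp']['form-action']['allow'][] = 'http://example.com';
+
+$headers = (new SecureHeaders($config))->headers();
+
+$this->assertContains('https://example.com', $headers['Content-Security-Policy']);
+$this->assertNotContains('http://example.com', $headers['Content-Security-Policy']);
+
+$config['csp']['https-transform-on-https-connections'] = false;
+
+$headers = (new SecureHeaders($config))->headers();
+
+$this->assertContains('http://example.com', $headers['Content-Security-Policy']);
+$this->assertNotContains('https://example.com', $headers['Content-Security-Policy']);
+}
 }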
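Review bot: `$_SERVER['HTTPS'] = 'on';` at the top of test_disable_https_transform() is never undone, so every test that runs afterwards in the same process sees an HTTPS request and the outcome of the suite depends on execution order. Restore the superglobal at the end of the test, or in a tearDown() if the class defines one outside this hunk, with `unset($_SERVER['HTTPS']);`. A third case that runs with HTTPS unset would also pin what the builder does with the `http://example.com` source on plain-HTTP requests, which neither half of the test covers.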
