Add support for blob:, filesystem: and mediastream: URIs.

See #17
paragonie · Nov 20, 2017 · aee68bf · aee68bf
1 parent c109412
commit aee68bf
Showing 1 changed file with 54 additions and 0 deletions.
diff --git a/src/CSPBuilder.php b/src/CSPBuilder.php
@@ -472,6 +472,21 @@ public function sendCSPHeader(bool $legacy = true): bool
         return true;
     }
 
+    /**
+     * @param string $directive
+     * @param bool $allow
+     * @return self
+     * @throws \Exception
+     */
+    public function setBlobAllowed(string $directive = '', bool $allow = false): self
+    {
+        if (!\in_array($directive, self::$directives)) {
+            throw new \Exception('Directive ' . $directive . ' does not exist');
+        }
+        $this->policies[$directive]['blob'] = $allow;
+        return $this;
+    }
+
     /**
      * @param string $directive
      * @param bool $allow
@@ -487,6 +502,36 @@ public function setDataAllowed(string $directive = '', bool $allow = false): sel
         return $this;
     }
 
+    /**
+     * @param string $directive
+     * @param bool $allow
+     * @return self
+     * @throws \Exception
+     */
+    public function setFileSystemAllowed(string $directive = '', bool $allow = false): self
+    {
+        if (!\in_array($directive, self::$directives)) {
+            throw new \Exception('Directive ' . $directive . ' does not exist');
+        }
+        $this->policies[$directive]['filesystem'] = $allow;
+        return $this;
+    }
+
+    /**
+     * @param string $directive
+     * @param bool $allow
+     * @return self
+     * @throws \Exception
+     */
+    public function setMediaStreamAllowed(string $directive = '', bool $allow = false): self
+    {
+        if (!\in_array($directive, self::$directives)) {
+            throw new \Exception('Directive ' . $directive . ' does not exist');
+        }
+        $this->policies[$directive]['mediastream'] = $allow;
+        return $this;
+    }
+
     /**
      * Allow self URIs for a given directive
      *
@@ -651,9 +696,18 @@ protected function compileSubgroup(string $directive, $policies = []): string
         if (!empty($policies['unsafe-eval'])) {
             $ret .= "'unsafe-eval' ";
         }
+        if (!empty($policies['blob'])) {
+            $ret .= "blob: ";
+        }
         if (!empty($policies['data'])) {
             $ret .= "data: ";
         }
+        if (!empty($policies['mediastream'])) {
+            $ret .= "mediastream: ";
+        }
+        if (!empty($policies['filesystem'])) {
+            $ret .= "filesystem: ";
+        }
         if (!empty($policies['strict-dynamic'])) {
             $ret .= "'strict-dynamic' ";
         }