Add function for sending complete CSP headers

2020-11-22 17:45:07 +01:00 · 2020-11-22 17:45:07 +01:00 · 90997e4eb5
commit 90997e4eb5
parent c60932088d
1 changed files with 13 additions and 0 deletions
--- a/MD_STD_SEC.php
+++ b/MD_STD_SEC.php
@ -122,4 +122,17 @@ final class MD_STD_SEC {
        return true;

    }
+
+    /**
+     * Send CSP headers.
+     *
+     * @param array{default-src: string, connect-src: string, script-src: string, img-src: string, media-src: string, style-src: string, frame-src: string, object-src: string, base-uri: string, form-action: string} $directives Directives to send. Font source is always set to 'self', and hence excluded.
+     *
+     * @return void
+     */
+    public static function sendContentSecurityPolicy(array $directives):void {
+
+        header('Content-Security-Policy: default-src ' . $directives['default-src'] . '; connect-src ' . $directives['connect-src'] . '; script-src ' . $directives['script-src'] . '; img-src ' . $directives['img-src'] . '; media-src ' . $directives['media-src'] . '; style-src ' . $directives['style-src'] . '; font-src \'self\'; frame-src ' . $directives['frame-src'] . '; object-src ' . $directives['object-src'] . '; base-uri ' . $directives['base-uri'] . '; form-action ' . $directives['form-action'] . '; manifest-src \'self\'');
+
+    }
 }