Docs4dev
Docs
cakephp / 4.4 / class-cake.http.middleware.cspmiddleware.html

Class CspMiddleware

Content Security Policy Middleware

Options

  • scriptNonce Enable to have a nonce policy added to the script-src directive.
  • styleNonce Enable to have a nonce policy added to the style-src directive.
Namespace: Cake\Http\Middleware

Property Summary

  • $_config protected
    array<string, mixed>

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array<string, mixed>

    Configuration options.

  • $csp protected
    ParagonIE\CSPBuilder\CSPBuilder

    CSP Builder

Method Summary

Method Detail

__construct() public

__construct(ParagonIE\CSPBuilder\CSPBuilder|array $csp, array<string, mixed> $config = [])

Constructor

Parameters

ParagonIE\CSPBuilder\CSPBuilder|array $csp

CSP object or config array

array<string, mixed> $config optional

Configuration options.

Throws

RuntimeException

_configDelete() protected

_configDelete(string $key): void

Deletes a single config key.

Parameters

string $key

Key to delete.

Returns

void

Throws

Cake\Core\Exception\CakeException
if attempting to clobber existing config

_configRead() protected

_configRead(string|null $key): mixed

Reads a config key.

Parameters

string|null $key

Key to read.

Returns

mixed

_configWrite() protected

_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void

Writes a config key.

Parameters

array<string, mixed>|string $key

Key to write to.

mixed $value

Value to write.

string|bool $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns

void

Throws

Cake\Core\Exception\CakeException
if attempting to clobber existing config

configShallow() public

configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns

$this

getConfig() public

getConfig(string|null $key = null, mixed $default = null): mixed

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional

The key to get or null for the whole config.

mixed $default optional

The return value when the key does not exist.

Returns

mixed

getConfigOrFail() public

getConfigOrFail(string $key): mixed

Returns the config for this specific key.

The config value for this key must exist, it can never be null.

Parameters

string $key

The key to get.

Returns

mixed

Throws

InvalidArgumentException

process() public

process(ServerRequestInterface $request, RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface

Add nonces (if enabled) to the request and apply the CSP header to the response.

Processes an incoming server request in order to produce a response. If unable to produce the response itself, it may delegate to the provided request handler to do so.

Parameters

ServerRequestInterface $request

The request.

RequestHandlerInterface $handler

The request handler.

Returns

Psr\Http\Message\ResponseInterface

setConfig() public

setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns

$this

Throws

Cake\Core\Exception\CakeException
When trying to set a key that is invalid.

Property Detail

$_config protected

Runtime config

Type

array<string, mixed>

$_configInitialized protected

Whether the config property has already been configured with defaults

Type

bool

$_defaultConfig protected

Configuration options.

Type

array<string, mixed>

$csp protected

CSP Builder

Type

ParagonIE\CSPBuilder\CSPBuilder

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.Middleware.CspMiddleware.html