From 37a4282c7ae27c518ce7143be491a00a651e4f4a Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Sat, 27 Jul 2019 16:04:51 +0200 Subject: Split up security middleware With upcoming work for the feature policy header. Splitting this in smaller classes that just do 1 thing makes sense. I rather have a few small classes that are tiny and do 1 thing right (and we all understand what is going on) than have big ones. Signed-off-by: Roeland Jago Douma --- lib/private/AppFramework/DependencyInjection/DIContainer.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/private/AppFramework/DependencyInjection') diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 6d337bb9327..f47af340b38 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -220,13 +220,17 @@ class DIContainer extends SimpleContainer implements IAppContainer { $server->getUserSession()->isLoggedIn(), $server->getGroupManager()->isAdmin($this->getUserId()), $server->getUserSession()->getUser() !== null && $server->query(ISubAdmin::class)->isSubAdmin($server->getUserSession()->getUser()), - $server->getContentSecurityPolicyManager(), - $server->getCsrfTokenManager(), - $server->getContentSecurityPolicyNonceManager(), $server->getAppManager(), $server->getL10N('lib') ); $dispatcher->registerMiddleware($securityMiddleware); + $dispatcher->registerMiddleware( + new OC\AppFramework\Middleware\Security\CSPMiddleware( + $server->query(OC\Security\CSP\ContentSecurityPolicyManager::class), + $server->query(OC\Security\CSP\ContentSecurityPolicyNonceManager::class), + $server->query(OC\Security\CSRF\CsrfTokenManager::class) + ) + ); $dispatcher->registerMiddleware( new OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware( $c->query(IControllerMethodReflector::class), -- cgit v1.2.3