blob: a1d19a9f34b3c5801c11b3c1e2538d55c97b7e23 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCP\AppFramework\Http;
/**
* Class EmptyFeaturePolicy is a simple helper which allows applications
* to modify the FeaturePolicy sent by Nextcloud. Per default the policy
* is forbidding everything.
*
* As alternative with sane exemptions look at FeaturePolicy
*
* @see \OCP\AppFramework\Http\FeaturePolicy
* @since 17.0.0
*/
class EmptyFeaturePolicy {
/** @var string[] of allowed domains to autoplay media */
protected $autoplayDomains = null;
/** @var string[] of allowed domains that can access the camera */
protected $cameraDomains = null;
/** @var string[] of allowed domains that can use fullscreen */
protected $fullscreenDomains = null;
/** @var string[] of allowed domains that can use the geolocation of the device */
protected $geolocationDomains = null;
/** @var string[] of allowed domains that can use the microphone */
protected $microphoneDomains = null;
/** @var string[] of allowed domains that can use the payment API */
protected $paymentDomains = null;
/**
* Allows to use autoplay from a specific domain. Use * to allow from all domains.
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedAutoplayDomain(string $domain): self {
$this->autoplayDomains[] = $domain;
return $this;
}
/**
* Allows to use the camera on a specific domain. Use * to allow from all domains
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedCameraDomain(string $domain): self {
$this->cameraDomains[] = $domain;
return $this;
}
/**
* Allows the full screen functionality to be used on a specific domain. Use * to allow from all domains
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedFullScreenDomain(string $domain): self {
$this->fullscreenDomains[] = $domain;
return $this;
}
/**
* Allows to use the geolocation on a specific domain. Use * to allow from all domains
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedGeoLocationDomain(string $domain): self {
$this->geolocationDomains[] = $domain;
return $this;
}
/**
* Allows to use the microphone on a specific domain. Use * to allow from all domains
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedMicrophoneDomain(string $domain): self {
$this->microphoneDomains[] = $domain;
return $this;
}
/**
* Allows to use the payment API on a specific domain. Use * to allow from all domains
*
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 17.0.0
*/
public function addAllowedPaymentDomain(string $domain): self {
$this->paymentDomains[] = $domain;
return $this;
}
/**
* Get the generated Feature-Policy as a string
*
* @return string
* @since 17.0.0
*/
public function buildPolicy(): string {
$policy = '';
if (empty($this->autoplayDomains)) {
$policy .= "autoplay 'none';";
} else {
$policy .= 'autoplay ' . implode(' ', $this->autoplayDomains);
$policy .= ';';
}
if (empty($this->cameraDomains)) {
$policy .= "camera 'none';";
} else {
$policy .= 'camera ' . implode(' ', $this->cameraDomains);
$policy .= ';';
}
if (empty($this->fullscreenDomains)) {
$policy .= "fullscreen 'none';";
} else {
$policy .= 'fullscreen ' . implode(' ', $this->fullscreenDomains);
$policy .= ';';
}
if (empty($this->geolocationDomains)) {
$policy .= "geolocation 'none';";
} else {
$policy .= 'geolocation ' . implode(' ', $this->geolocationDomains);
$policy .= ';';
}
if (empty($this->microphoneDomains)) {
$policy .= "microphone 'none';";
} else {
$policy .= 'microphone ' . implode(' ', $this->microphoneDomains);
$policy .= ';';
}
if (empty($this->paymentDomains)) {
$policy .= "payment 'none';";
} else {
$policy .= 'payment ' . implode(' ', $this->paymentDomains);
$policy .= ';';
}
return rtrim($policy, ';');
}
}
|
