Enable strict CSP if configured

Johannes Meyer 2023-08-28 10:19:32 +02:00
parent 1cd1b500b3
commit e3ebe109eb
2 changed files with 11 additions and 0 deletions


@ -6,6 +6,7 @@ namespace Icinga\Web\Controller;
use Icinga\Application\Modules\Module;
use Icinga\Common\PdfExport;
use Icinga\File\Pdf;
use Icinga\Util\Csp;
use Icinga\Web\View;
use ipl\I18n\Translation;
use Zend_Controller_Action;
@ -171,6 +172,10 @@ class ActionController extends Zend_Controller_Action
$this->redirectToLogin(Url::fromRequest());
}
if (! $this->isXhr() && $this->Config()->get('security', 'use_strict_csp', false)) {
Csp::createNonce();
}
$this->view->tabs = new Tabs();
$this->prepareInit();
$this->init();
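Review bot: The nonce is created after reading `use_strict_csp` through `$this->Config()`, while the response hunk reads the same setting through `Config::app()`, so the two checks can disagree if a subclass's `Config()` resolves to something other than the application config (not visible here; worth confirming for module controllers). In that case no nonce would be created and the response would leave out the CSP header without any error. Reading the same source in both places removes the doubt: `if (! $this->isXhr() && Config::app()->get('security', 'use_strict_csp', false)) {`, provided `Icinga\Application\Config` is imported in this file. A one-line comment on why XHR requests are excluded would also help the next reader, for example `// XHR responses are rendered into the already loaded document, so they need no nonce of their own` if that is the intent. The enclosing method starts and ends outside the hunk.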


@ -3,6 +3,8 @@
namespace Icinga\Web;
use Icinga\Application\Config;
use Icinga\Util\Csp;
use Zend_Controller_Response_Http;
use Icinga\Application\Icinga;
use Icinga\Web\Response\JsonResponse;
@ -370,6 +372,10 @@ class Response extends Zend_Controller_Response_Http
if ($redirectUrl !== null) {
$this->setRedirect($redirectUrl->getAbsoluteUrl());
}
if (Csp::getStyleNonce() && Config::app()->get('security', 'use_strict_csp', false)) {
Csp::addHeader($this);
}
}
if (! $this->getHeader('Content-Type', true)) {
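Review bot: When `use_strict_csp` is enabled but `Csp::getStyleNonce()` returns nothing, the new condition skips `Csp::addHeader($this)` silently, so the response goes out without the policy the operator configured and nothing records it. Splitting the check lets the missing-nonce case be logged, which gives operators something to alert on if a code path bypasses nonce creation. The sketch below assumes `Icinga\Application\Logger` is imported in this file or can be. The enclosing block opens outside the hunk, so this presumes the branch is reached only for responses that are expected to carry a nonce; if XHR responses also pass through here the warning would need the same XHR guard.

```php
if (Config::app()->get('security', 'use_strict_csp', false)) {
    if (Csp::getStyleNonce()) {
        Csp::addHeader($this);
    } else {
        // Policy is enabled but no nonce exists for this request: make the gap visible
        Logger::warning('Strict CSP is enabled but no nonce is available, CSP header not sent');
    }
}
```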