Koha::ContentSecurityPolicy - Object for handling Content-Security-Policy header
    use Koha::ContentSecurityPolicy;

    my $csp = Koha::ContentSecurityPolicy->new;
    if ($csp->is_enabled) {
        # Add the CSP header to the response headers before they are printed
        $options->{$csp->header_name} = $csp->header_value;
    }
    print $cgi->header($options), $data;
TODO
my $csp = Koha::ContentSecurityPolicy->new;
$csp->header_name($args);
Given C<$args>, returns the name of the CSP header.
C<$args> can contain the following keys (and values):
- interface:
  - defaults to L<C4::Context>->interface.
  - can be one of: C<opac>, C<intranet>
Returns 'Content-Security-Policy' if CSP is in "enabled" csp_mode
Returns 'Content-Security-Policy-Report-Only' if CSP is in "report-only" csp_mode
Throws Koha::Exceptions::Config::MissingEntry if CSP csp_mode is disabled in KOHA_CONF
$csp->header_value($args);
Given C<$args>, returns the value of the CSP header.
C<$args> can contain the following keys (and values):
- interface:
  - defaults to L<C4::Context>->interface.
  - can be one of: C<opac>, C<intranet>
Returns content_security_policy.[opac|staff].csp_header_value
$csp->is_enabled($args);
Given C<$args>, checks if CSP is enabled
C<$args> can contain the following keys (and values):
- interface:
  - defaults to L<C4::Context>->interface.
  - can be one of: C<opac>, C<intranet>
Returns 0 if CSP is disabled for given C<$args>
Returns 1 if CSP is enabled for given C<$args>
$csp->get_nonce();
Returns the previously set nonce.
A CSP nonce is a random token that is used both in the inline scripts
and the Content-Security-Policy[-Report-Only] response header.
$csp->set_nonce($nonce);
Set the nonce value.
If value is provided, that value is used. Otherwise, a value is generated.
A CSP nonce is a random token that is used both in the inline scripts
and the Content-Security-Policy[-Report-Only] response header.
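
The nonce flow described under get_nonce and set_nonce, together with the header names listed under header_name, as an added stand-alone example (it is not Koha's code and does not call Koha::ContentSecurityPolicy). The C<__NONCE__> placeholder, the sample policy string and the helper names are assumptions made for this example, and it reads /dev/urandom, so it assumes a Unix-like host.

```perl
#!/usr/bin/perl
# Added example: stand-alone sketch, not part of Koha::ContentSecurityPolicy.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Map the two csp_mode values that produce a header to the header name.
my %HEADER_FOR_MODE = (
    'enabled'     => 'Content-Security-Policy',
    'report-only' => 'Content-Security-Policy-Report-Only',
);

# 128 bits from the kernel CSPRNG, base64-encoded (assumes /dev/urandom).
sub generate_nonce {
    open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
    my $got = read $fh, my $bytes, 16;
    close $fh;
    die "Short read from /dev/urandom" unless defined $got && $got == 16;
    return encode_base64($bytes, '');    # '' suppresses the trailing newline
}

# Build (name, value) for one response; dies if the mode has no header.
sub build_csp_header {
    my ($mode, $template, $nonce) = @_;
    my $name = $HEADER_FOR_MODE{$mode}
        or die "CSP mode '$mode' does not produce a header";
    # __NONCE__ is a hypothetical placeholder chosen for this example.
    (my $value = $template) =~ s/__NONCE__/$nonce/g;
    return ($name, $value);
}

# Constructed policy and page, for illustration only.
my $template = "default-src 'self'; script-src 'self' 'nonce-__NONCE__'";
my $nonce    = generate_nonce();    # one fresh nonce per response, never reused
my ($name, $value) = build_csp_header('report-only', $template, $nonce);

printf "%s: %s\n", $name, $value;
print "Content-Type: text/html; charset=utf-8\n\n";
# The inline script carries the same nonce as the header, so the browser
# accepts it; an injected <script> without the nonce is blocked, or only
# reported when the Report-Only header is in use.
print qq{<script nonce="$nonce">console.log("allowed");</script>\n};
```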