feat: clearDirective() supports report-uri

kenjis · kenjis · commit 37ab92ef752b · 2023-11-17T16:12:01.000+09:00
diff --git a/system/HTTP/ContentSecurityPolicy.php b/system/HTTP/ContentSecurityPolicy.php
@@ -827,6 +827,12 @@ protected function addToHeader(string $name, $values = null)
      */
     public function clearDirective(string $directive): void
     {
+        if ($directive === 'report-uris') {
+            $this->{$this->directives[$directive]} = null;
+
+            return;
+        }
+
         $this->{$this->directives[$directive]} = [];
     }
 }
diff --git a/tests/system/HTTP/ContentSecurityPolicyTest.php b/tests/system/HTTP/ContentSecurityPolicyTest.php
@@ -650,11 +650,14 @@ public function testClearDirective(): void
         $this->csp->addStyleSrc('css.example.com');
         $this->csp->clearDirective('style-src');
 
+        $this->csp->setReportURI('http://example.com/csp/reports');
+        $this->csp->clearDirective('report-uri');
         $this->csp->finalize($this->response);
 
         $header = $this->response->getHeaderLine('Content-Security-Policy');
 
         $this->assertStringNotContainsString('style-src ', $header);
         $this->assertStringNotContainsString('css.example.com', $header);
+        $this->assertStringNotContainsString('report-uri', $header);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -827,6 +827,12 @@ protected function addToHeader(string $name, $values = null)`
`827`	`827`	`*/`
`828`	`828`	`public function clearDirective(string $directive): void`
`829`	`829`	`{`
	`830`	`+ if ($directive === 'report-uris') {`
	`831`	`+ $this->{$this->directives[$directive]} = null;`
	`832`	`+`
	`833`	`+ return;`
	`834`	`+ }`
	`835`	`+`
`830`	`836`	`$this->{$this->directives[$directive]} = [];`
`831`	`837`	`}`
`832`	`838`	`}`
Original file line number	Diff line number	Diff line change
`@@ -650,11 +650,14 @@ public function testClearDirective(): void`
`650`	`650`	`$this->csp->addStyleSrc('css.example.com');`
`651`	`651`	`$this->csp->clearDirective('style-src');`
`652`	`652`
	`653`	`+ $this->csp->setReportURI('http://example.com/csp/reports');`
	`654`	`+ $this->csp->clearDirective('report-uri');`
`653`	`655`	`$this->csp->finalize($this->response);`
`654`	`656`
`655`	`657`	`$header = $this->response->getHeaderLine('Content-Security-Policy');`
`656`	`658`
`657`	`659`	`$this->assertStringNotContainsString('style-src ', $header);`
`658`	`660`	`$this->assertStringNotContainsString('css.example.com', $header);`
	`661`	`+ $this->assertStringNotContainsString('report-uri', $header);`
`659`	`662`	`}`
`660`	`663`	`}`