feat: add ContentSecurityPolicy::clearDirective()

kenjis · kenjis · commit d3904035f244 · 2023-11-15T17:49:19.000+09:00
diff --git a/system/HTTP/ContentSecurityPolicy.php b/system/HTTP/ContentSecurityPolicy.php
@@ -819,4 +819,14 @@ protected function addToHeader(string $name, $values = null)
             $this->reportOnlyHeaders[$name] = implode(' ', $reportSources);
         }
     }
+
+    /**
+     * Clear the directive.
+     *
+     * @param string $directive CSP directive
+     */
+    public function clearDirective(string $directive): void
+    {
+        $this->{$this->directives[$directive]} = [];
+    }
 }
diff --git a/tests/system/HTTP/ContentSecurityPolicyTest.php b/tests/system/HTTP/ContentSecurityPolicyTest.php
@@ -642,4 +642,19 @@ public function testHeaderScriptNonceEmittedOnceGetScriptNonceCalled(): void
         $result = $this->getHeaderEmitted('Content-Security-Policy');
         $this->assertStringContainsString("script-src 'self' 'nonce-", $result);
     }
+
+    public function testClearDirective(): void
+    {
+        $this->prepare();
+
+        $this->csp->addStyleSrc('css.example.com');
+        $this->csp->clearDirective('style-src');
+
+        $this->csp->finalize($this->response);
+
+        $header = $this->response->getHeaderLine('Content-Security-Policy');
+
+        $this->assertStringNotContainsString('style-src ', $header);
+        $this->assertStringNotContainsString('css.example.com', $header);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -819,4 +819,14 @@ protected function addToHeader(string $name, $values = null)`
`819`	`819`	`$this->reportOnlyHeaders[$name] = implode(' ', $reportSources);`
`820`	`820`	`}`
`821`	`821`	`}`
	`822`	`+`
	`823`	`+ /**`
	`824`	`+ * Clear the directive.`
	`825`	`+ *`
	`826`	`+ * @param string $directive CSP directive`
	`827`	`+ */`
	`828`	`+ public function clearDirective(string $directive): void`
	`829`	`+ {`
	`830`	`+ $this->{$this->directives[$directive]} = [];`
	`831`	`+ }`
`822`	`832`	`}`