diff --git a/seckit.services.yml b/seckit.services.yml
index 87ea11a15..89e2519a5 100644
--- a/seckit.services.yml
+++ b/seckit.services.yml
@@ -1,7 +1,7 @@
 services:
 seckit.subscriber:
 class: Drupal\seckit\EventSubscriber\SecKitEventSubscriber
- arguments: ['@logger.channel.seckit', '@config.factory']
+ arguments: ['@logger.channel.seckit', '@config.factory', '@module_handler']
 tags:
 - { name: event_subscriber }
 logger.channel.seckit:
diff --git a/src/EventSubscriber/SecKitEventSubscriber.php b/src/EventSubscriber/SecKitEventSubscriber.php
index 42b1f8740..1bad8438f 100644
--- a/src/EventSubscriber/SecKitEventSubscriber.php
+++ b/src/EventSubscriber/SecKitEventSubscriber.php
@@ -5,6 +5,7 @@
 use Drupal\Component\Utility\Xss;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\StringTranslation\StringTranslationTrait;
 use Drupal\seckit\SeckitInterface;
 use Psr\Log\LoggerInterface;
@@ -49,6 +50,13 @@ class SecKitEventSubscriber implements EventSubscriberInterface {
 */
 protected $logger;
 
+ /**
+ * Module handler.
+ *
+ * @var \Drupal\Core\Extension\ModuleHandlerInterface
+ */
+ protected $moduleHandler;
+
 /**
 * Constructs an SecKitEventSubscriber object.
 *
@@ -57,9 +65,10 @@ class SecKitEventSubscriber implements EventSubscriberInterface {
 * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
 * The config factory.
 */
- public function __construct(LoggerInterface $logger, ConfigFactoryInterface $config_factory) {
+ public function __construct(LoggerInterface $logger, ConfigFactoryInterface $config_factory, ModuleHandlerInterface $module_handler) {
 $this->logger = $logger;
 $this->config = $config_factory->get('seckit.settings');
+ $this->moduleHandler = $module_handler;
 }
 
 /**
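Review bot: The constructor docblock in the `@@ -57,9 +65,10 @@` hunk still ends at the `$config_factory` entry, so the new `$module_handler` parameter is undocumented; add `@param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler` with the description `The module handler.` before the closing `*/`. The third argument is also required, so any code that extends SecKitEventSubscriber or constructs it with two arguments would fail after this change. If such callers may exist, a nullable parameter with a `\Drupal::moduleHandler()` fallback keeps them working. The docblock's opening lines are outside the hunk.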
@@ -223,37 +232,37 @@ public function seckitCsp() {
 // Otherwise prepare directives.
 // else {.
 if ($csp_default_src) {
- $directives[] = "default-src $csp_default_src";
+ $directives['default-src'] = "default-src $csp_default_src";
 }
 if ($csp_script_src) {
- $directives[] = "script-src $csp_script_src";
+ $directives['script-src'] = "script-src $csp_script_src";
 }
 if ($csp_object_src) {
- $directives[] = "object-src $csp_object_src";
+ $directives['object-src'] = "object-src $csp_object_src";
 }
 if ($csp_style_src) {
- $directives[] = "style-src $csp_style_src";
+ $directives['style-src'] = "style-src $csp_style_src";
 }
 if ($csp_img_src) {
- $directives[] = "img-src $csp_img_src";
+ $directives['img-src'] = "img-src $csp_img_src";
 }
 if ($csp_media_src) {
- $directives[] = "media-src $csp_media_src";
+ $directives['media-src'] = "media-src $csp_media_src";
 }
 if ($csp_frame_src) {
- $directives[] = "frame-src $csp_frame_src";
+ $directives['frame-src'] = "frame-src $csp_frame_src";
 }
 if ($csp_frame_ancestors) {
- $directives[] = "frame-ancestors $csp_frame_ancestors";
+ $directives['frame-ancestors'] = "frame-ancestors $csp_frame_ancestors";
 }
 if ($csp_child_src) {
- $directives[] = "child-src $csp_child_src";
+ $directives['child-src'] = "child-src $csp_child_src";
 }
 if ($csp_font_src) {
- $directives[] = "font-src $csp_font_src";
+ $directives['font-src'] = "font-src $csp_font_src";
 }
 if ($csp_connect_src) {
- $directives[] = "connect-src $csp_connect_src";
+ $directives['connect-src'] = "connect-src $csp_connect_src";
 }
 if ($csp_report_uri) {
 $base_path = '';
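Review bot: Each keyed entry still carries the directive name inside its value, as in `$directives['script-src'] = "script-src $csp_script_src";`, which is an error-prone shape for the alter hook that consumes this array later in seckitCsp(). An implementation that assigns only a source list to `$directives['script-src']` would emit a directive with no name after the implode. Browsers would likely ignore it, leaving that resource type governed only by `default-src`, if one is set. Consider storing just the source list under each key and prepending the key when the header string is built, or state the expected value format in the hook documentation. seckitCsp() begins and ends outside this hunk.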
@@ -264,11 +273,14 @@ public function seckitCsp() {
 $csp_report_uri = ltrim($csp_report_uri, '/');
 $base_path = base_path();
 }
- $directives[] = "report-uri " . $base_path . $csp_report_uri;
+ $directives['report-uri'] = "report-uri " . $base_path . $csp_report_uri;
 }
 if ($csp_upgrade_req) {
- $directives[] = 'upgrade-insecure-requests';
+ $directives['upgrade-insecure-requests'] = 'upgrade-insecure-requests';
 }
+
+ $this->moduleHandler->alter('seckit_csp_directives', $directives);
+
 // Merge directives.
 $directives = implode('; ', $directives);
 // }
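Review bot: Nothing checks `$directives` between `$this->moduleHandler->alter('seckit_csp_directives', $directives);` and `implode('; ', $directives)`, so whatever an implementing module leaves in the array goes straight into the policy string. A non-string or empty entry, or a value containing `;`, would yield a malformed or unintentionally split policy with no log entry. A filter such as `$directives = array_filter($directives, 'is_string');` plus a `$this->logger->warning()` for dropped entries would make a faulty implementation visible. The visible diff adds no API documentation for `hook_seckit_csp_directives_alter()`; it should state that each value must be a complete directive string and that an implementation can weaken the site's CSP. seckitCsp() starts and ends outside the hunk.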