Niharika29 has uploaded a new change for review. https://gerrit.wikimedia.org/r/292794
Change subject: Move header middleware config to a different array to let child classes override it ...................................................................... Move header middleware config to a different array to let child classes override it Change-Id: I3c901ee20305dfc1d14031c9fa4d8fa68a4840bc --- M src/AbstractApp.php 1 file changed, 33 insertions(+), 21 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/wikimedia/slimapp refs/changes/94/292794/1
diff --git a/src/AbstractApp.php b/src/AbstractApp.php
index 95622d1..a41e5a2 100644
--- a/src/AbstractApp.php
+++ b/src/AbstractApp.php
@@ -121,27 +121,9 @@
 $this->configureIoc( $this->slim->container );
 $this->configureView( $this->slim->view );
- // Add headers to all responses:
- // * Vary: Cookie to help upstream caches to the right thing
- // * X-Frame-Options: DENY
- // * Content-Security-Policy to help protect against XSS attacks
- // * Content-Type: text/html; charset=UTF-8
- $headerMiddleware = new HeaderMiddleware( array(
- 'Vary' => 'Cookie',
- 'X-Frame-Options' => 'DENY',
- 'Content-Security-Policy' =>
- "default-src 'self'; " .
- "frame-src 'none'; " .
- "object-src 'none'; " .
- // Needed for css data:... sprites
- "img-src 'self' data:; " .
- // Needed for jQuery and Modernizr feature detection
- "style-src 'self' 'unsafe-inline'",
- // Don't forget to override this for any content that is not
- // actually HTML (e.g. json)
- 'Content-Type' => 'text/html; charset=UTF-8',
- ) );
- $this->slim->add( $headerMiddleware );
+ $this->slim->add(
+ new HeaderMiddleware( $this->setHeaderMiddleware() )
+ );
 // Add CSRF protection for POST requests
 $this->slim->add( new CsrfMiddleware() );
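Review bot: `setHeaderMiddleware()` is called here purely for its return value — nothing is set; it yields the header map that is handed to `HeaderMiddleware` — so the setter-style name will mislead exactly the subclass authors this change is meant to serve, and the same applies to its definition in the second hunk. A getter-style name changed at both sites would say what it does, e.g. `new HeaderMiddleware( $this->getHeaderMiddlewareConfig() )` here and `protected function getHeaderMiddlewareConfig()` in the second hunk. The enclosing method starts before this hunk.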
@@ -229,4 +211,34 @@
 $slim->render( "{$name}.html" );
 } )->name( $routeName );
 }
+
+
+ /**
+ * Set header middleware config
+ *
+ * @return \Wikimedia\Slimapp\HeaderMiddleware Header middleware for app
+ */
+ protected function setHeaderMiddleware() {
+ // Add headers to all responses:
+ // * Vary: Cookie to help upstream caches to the right thing
+ // * X-Frame-Options: DENY
+ // * Content-Security-Policy to help protect against XSS attacks
+ // * Content-Type: text/html; charset=UTF-8
+ return array(
+ 'Vary' => 'Cookie',
+ 'X-Frame-Options' => 'DENY',
+ 'Content-Security-Policy' =>
+ "default-src 'self'; " .
+ "frame-src 'none'; " .
+ "object-src 'none'; " .
+ // Needed for css data:... sprites
+ "img-src 'self' data:; " .
+ // Needed for jQuery and Modernizr feature detection
+ "style-src 'self' 'unsafe-inline'",
+ // Don't forget to override this for any content that is not
+ // actually HTML (e.g. json)
+ 'Content-Type' => 'text/html; charset=UTF-8',
+ );
+ }
+}
 }
-- To view, visit https://gerrit.wikimedia.org/r/292794 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3c901ee20305dfc1d14031c9fa4d8fa68a4840bc Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/slimapp Gerrit-Branch: master Gerrit-Owner: Niharika29 <nihar...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
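Review bot: The docblock on the new `setHeaderMiddleware()` declares `@return \Wikimedia\Slimapp\HeaderMiddleware`, but the method returns the plain header map that the first hunk then wraps in `new HeaderMiddleware( ... )`; the tag should read `@return array Header name => value map applied to every response`. The collapsed text also shows `+ }` and `+}` added directly before the existing `}` context line, which looks like one closing brace too many once the method's own brace is counted — worth confirming the file still parses before merging. Since the purpose of the change is to let subclasses override this array, the docblock should state that an override replaces the whole set, so a subclass that returns only a new `Content-Type` silently drops `X-Frame-Options` and `Content-Security-Policy`; recommend that overrides do `return array_merge( parent::setHeaderMiddleware(), array( ... ) );` or equivalent so the protective defaults survive. The class-closing brace is the last context line of the hunk.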