Niharika29 has uploaded a new change for review.
https://gerrit.wikimedia.org/r/292794
Change subject: Move header middleware config to a different array to let child
classes override it
......................................................................
Move header middleware config to a different array to let child classes
override it
Change-Id: I3c901ee20305dfc1d14031c9fa4d8fa68a4840bc
---
M src/AbstractApp.php
1 file changed, 33 insertions(+), 21 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/wikimedia/slimapp
refs/changes/94/292794/1
diff --git a/src/AbstractApp.php b/src/AbstractApp.php
index 95622d1..a41e5a2 100644
--- a/src/AbstractApp.php
+++ b/src/AbstractApp.php
@@ -121,27 +121,9 @@
$this->configureIoc( $this->slim->container );
$this->configureView( $this->slim->view );
- // Add headers to all responses:
- // * Vary: Cookie to help upstream caches to the right thing
- // * X-Frame-Options: DENY
- // * Content-Security-Policy to help protect against XSS attacks
- // * Content-Type: text/html; charset=UTF-8
- $headerMiddleware = new HeaderMiddleware( array(
- 'Vary' => 'Cookie',
- 'X-Frame-Options' => 'DENY',
- 'Content-Security-Policy' =>
- "default-src 'self'; " .
- "frame-src 'none'; " .
- "object-src 'none'; " .
- // Needed for css data:... sprites
- "img-src 'self' data:; " .
- // Needed for jQuery and Modernizr feature
detection
- "style-src 'self' 'unsafe-inline'",
- // Don't forget to override this for any content that
is not
- // actually HTML (e.g. json)
- 'Content-Type' => 'text/html; charset=UTF-8',
- ) );
- $this->slim->add( $headerMiddleware );
+ $this->slim->add(
+ new HeaderMiddleware( $this->setHeaderMiddleware() )
+ );
// Add CSRF protection for POST requests
$this->slim->add( new CsrfMiddleware() );
@@ -229,4 +211,34 @@
$slim->render( "{$name}.html" );
} )->name( $routeName );
}
+
+
+ /**
+ * Set header middleware config
+ *
+ * @return \Wikimedia\Slimapp\HeaderMiddleware Header middleware for app
+ */
+ protected function setHeaderMiddleware() {
+ // Add headers to all responses:
+ // * Vary: Cookie to help upstream caches to the right thing
+ // * X-Frame-Options: DENY
+ // * Content-Security-Policy to help protect against XSS attacks
+ // * Content-Type: text/html; charset=UTF-8
+ return array(
+ 'Vary' => 'Cookie',
+ 'X-Frame-Options' => 'DENY',
+ 'Content-Security-Policy' =>
+ "default-src 'self'; " .
+ "frame-src 'none'; " .
+ "object-src 'none'; " .
+ // Needed for css data:... sprites
+ "img-src 'self' data:; " .
+ // Needed for jQuery and Modernizr feature
detection
+ "style-src 'self' 'unsafe-inline'",
+ // Don't forget to override this for any content that
is not
+ // actually HTML (e.g. json)
+ 'Content-Type' => 'text/html; charset=UTF-8',
+ );
+ }
+}
}
--
To view, visit https://gerrit.wikimedia.org/r/292794
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3c901ee20305dfc1d14031c9fa4d8fa68a4840bc
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/slimapp
Gerrit-Branch: master
Gerrit-Owner: Niharika29 <nihar...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
