jonnybarnes.uk/app/Http/Middleware/CSPHeader.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\App;
use Symfony\Component\HttpFoundation\Response;

class CSPHeader
{
    /**
     * Handle an incoming request.
     */
    public function handle(Request $request, Closure $next): Response
    {
        if (App::environment('local', 'development')) {
            return $next($request);
        }

        // headers have to be single-line strings,
        // so we concat multiple lines
        // phpcs:disable Generic.Files.LineLength.TooLong
        return $next($request)
            ->header(
                'Content-Security-Policy',
                "default-src 'self'; " .
                "style-src 'self' cloud.typography.com jonnybarnes.uk; " .
                "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
                "font-src 'self' data:; " .
                "frame-src 'self' https://www.youtube.com blob:; " .
                'upgrade-insecure-requests; ' .
                'block-all-mixed-content; ' .
                'report-to csp-endpoint; ' .
                'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'
            )->header(
                'Report-To',
                '{' .
                        "'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " .
                        "'group': 'csp-endpoint', " .
                        "'max-age': 10886400" .
                '}'
            );
        // phpcs:enable Generic.Files.LineLength.TooLong
    }
}
Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
Some more phpcs fixes 2019-10-27 20:55:46 +00:00			`use Illuminate\Http\Request;`
Dont run csp locally 2022-08-05 20:35:49 +01:00			`use Illuminate\Support\Facades\App;`
Upgrade to Laravel 10 2023-02-18 09:34:57 +00:00			`use Symfony\Component\HttpFoundation\Response;`
Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00
			`class CSPHeader`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*/`
Upgrade to Laravel 10 2023-02-18 09:34:57 +00:00			`public function handle(Request $request, Closure $next): Response`
Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00			`{`
Dont run csp locally 2022-08-05 20:35:49 +01:00			`if (App::environment('local', 'development')) {`
			`return $next($request);`
			`}`

Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00			`// headers have to be single-line strings,`
			`// so we concat multiple lines`
Remove un-needed elements from CSP header 2021-10-05 20:58:28 +01:00			`// phpcs:disable Generic.Files.LineLength.TooLong`
Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00			`return $next($request)`
			`->header(`
			`'Content-Security-Policy',`
Minor fixes Improve how we link to external fonts, change csp generating code, fix width of pagination links 2020-06-25 20:50:32 +01:00			`"default-src 'self'; " .`
Remove un-needed elements from CSP header 2021-10-05 20:58:28 +01:00			`"style-src 'self' cloud.typography.com jonnybarnes.uk; " .`
			`"img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com .fbcdn.net https://.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .`
Minor fixes Improve how we link to external fonts, change csp generating code, fix width of pagination links 2020-06-25 20:50:32 +01:00			`"font-src 'self' data:; " .`
			`"frame-src 'self' https://www.youtube.com blob:; " .`
Fix quote style 2020-06-25 20:57:32 +01:00			`'upgrade-insecure-requests; ' .`
			`'block-all-mixed-content; ' .`
			`'report-to csp-endpoint; ' .`
			`'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'`
phpcs fixes 2018-03-17 13:57:03 +00:00			`)->header(`
Some more phpcs fixes 2019-10-27 20:55:46 +00:00			`'Report-To',`
			`'{' .`
			`"'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " .`
Minor fixes Improve how we link to external fonts, change csp generating code, fix width of pagination links 2020-06-25 20:50:32 +01:00			`"'group': 'csp-endpoint', " .`
Some more phpcs fixes 2019-10-27 20:55:46 +00:00			`"'max-age': 10886400" .`
			`'}'`
			`);`
Remove un-needed elements from CSP header 2021-10-05 20:58:28 +01:00			`// phpcs:enable Generic.Files.LineLength.TooLong`
Add the CSP headers Squashed commit of the following: commit 468945826621d2e586f7e5fa773623c4accc316a Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:30 2018 +0000 Update changelog commit 36c6edce091c41861879a982e6ad250b395abbcf Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:23 2018 +0000 Add a test commit ef9d7b564f8ea4f4528c42f411c14ddfaa132082 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:42:13 2018 +0000 Apply the CSPHeader middleware to all `web` requests commit 737bfca3a6b446d52c0d0a8cc1b7b1c422876c0b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Fri Mar 2 16:41:45 2018 +0000 Add a CSP header to a response, as well as the Report-To header 2018-03-02 16:46:45 +00:00			`}`
			`}`