From db8f885092512f230385917ad913ca59273ed63d Mon Sep 17 00:00:00 2001
From: Jonny Barnes
Date: Sat, 23 Mar 2024 14:37:30 +0000
Subject: [PATCH 1/2] Remove CSP header
---
 app/Http/Kernel.php | 74 -------------------------------
 app/Http/Middleware/CSPHeader.php | 48 --------------------
 bootstrap/app.php | 1 -
 tests/Feature/CSPHeadersTest.php | 18 --------
 4 files changed, 141 deletions(-)
 delete mode 100644 app/Http/Kernel.php
 delete mode 100644 app/Http/Middleware/CSPHeader.php
 delete mode 100644 tests/Feature/CSPHeadersTest.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
deleted file mode 100644
index 3557e09c..00000000
--- a/app/Http/Kernel.php
+++ /dev/null
@@ -1,74 +0,0 @@
-
- */
- protected $middleware = [
- // \App\Http\Middleware\TrustHosts::class,
- \App\Http\Middleware\TrustProxies::class,
- \Illuminate\Http\Middleware\HandleCors::class,
- \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
- \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
- \App\Http\Middleware\TrimStrings::class,
- \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
- ];
-
- /**
- * The application's route middleware groups.
- *
- * @var array>
- */
- protected $middlewareGroups = [
- 'web' => [
- \App\Http\Middleware\EncryptCookies::class,
- \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
- \Illuminate\Session\Middleware\StartSession::class,
- \Illuminate\View\Middleware\ShareErrorsFromSession::class,
- \App\Http\Middleware\VerifyCsrfToken::class,
- \Illuminate\Routing\Middleware\SubstituteBindings::class,
- \App\Http\Middleware\LinkHeadersMiddleware::class,
- \App\Http\Middleware\LocalhostSessionMiddleware::class,
- \App\Http\Middleware\CSPHeader::class,
- ],
-
- 'api' => [
- // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
- \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
- \Illuminate\Routing\Middleware\SubstituteBindings::class,
- ],
- ];
-
- /**
- * The application's middleware aliases.
- *
- * Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
- *
- * @var array
- */
- protected $middlewareAliases = [
- 'auth' => \App\Http\Middleware\Authenticate::class,
- 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
- 'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
- 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
- 'can' => \Illuminate\Auth\Middleware\Authorize::class,
- 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
- 'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
- 'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
- 'signed' => \App\Http\Middleware\ValidateSignature::class,
- 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
- 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
- 'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
- 'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
- 'cors' => \App\Http\Middleware\CorsHeaders::class,
- ];
-}
diff --git a/app/Http/Middleware/CSPHeader.php b/app/Http/Middleware/CSPHeader.php
deleted file mode 100644
index da54c47c..00000000
--- a/app/Http/Middleware/CSPHeader.php
+++ /dev/null
@@ -1,48 +0,0 @@ -header( - 'Content-Security-Policy', - "default-src 'self'; " . - "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " . - "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org https://mastodon.thebeeches.house; " . - "font-src 'self' data:; " . - "frame-src 'self' https://www.youtube.com blob:; " . - 'upgrade-insecure-requests; ' . - 'block-all-mixed-content; ' . - 'report-to csp-endpoint; ' . - 'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;' - )->header( - 'Report-To', - '{' . - "'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " . - "'group': 'csp-endpoint', " . - "'max-age': 10886400" . - '}' - ); - // phpcs:enable Generic.Files.LineLength.TooLong - } -} diff --git a/bootstrap/app.php b/bootstrap/app.php index 4311ceb9..6fdb5118 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -19,7 +19,6 @@ return Application::configure(basePath: dirname(__DIR__)) 'micropub/places', 'webmention', ]); - $middleware->append(CSPHeader::class); }) ->withExceptions(function (Exceptions $exceptions) { // diff --git a/tests/Feature/CSPHeadersTest.php b/tests/Feature/CSPHeadersTest.php deleted file mode 100644 index 6957f034..00000000 --- a/tests/Feature/CSPHeadersTest.php +++ /dev/null @@ -1,18 +0,0 @@ -get('/blog'); - $response->assertHeader('Content-Security-Policy'); - $response->assertHeader('Report-To'); - } -} From ed2b3c99da2f0135fe904b99c9472f008bb5e59c Mon Sep 17 00:00:00 2001 From: Jonny Barnes Date: Sat, 23 Mar 2024 14:42:21 +0000 Subject: [PATCH 2/2] Laravel Pint fixes --- bootstrap/app.php | 1 - 1 file changed, 1 deletion(-) diff --git a/bootstrap/app.php b/bootstrap/app.php index 6fdb5118..32838ed3 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php 
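Review bot: With `$middleware->append(CSPHeader::class);` dropped from bootstrap/app.php, and the CSPHeader middleware and tests/Feature/CSPHeadersTest.php deleted in the same patch, nothing visible here sets a Content-Security-Policy or Report-To header on responses any more. Whether the policy is now served by another layer (web server, CDN) cannot be told from this patch; if it is not, pages lose the `default-src 'self'` restriction and the violation reporting in one step, with no test left to notice. I would record the decision at the removal site with a comment such as `// Content-Security-Policy is not set by the application; served by <layer, placeholder> / removed because <reason, placeholder>`, and say the same in the commit message, which currently gives no reason. If the header is still expected on responses, a feature test asserting `$response->assertHeader('Content-Security-Policy');` should stay so that its absence fails CI. The closure this line sat in begins outside the hunk.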
@@ -1,6 +1,5 @@