PHP Classes
elePHPant
Icontem

File: src/Cabin/Bridge/View/cargo/bridge_csp.twig

Recommend this page to a friend!
  Classes of Scott Arciszewski  >  CMS Airship  >  src/Cabin/Bridge/View/cargo/bridge_csp.twig  >  Download  
File: src/Cabin/Bridge/View/cargo/bridge_csp.twig
Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: CMS Airship
Content management system with security features
Author: By
Last change:
Date: 1 year ago
Size: 6,894 bytes
 

Contents

Class file image Download
{% set form_labels = {
    "connect-src": __("AJAX Endpoints"),
    "child-src": __("Frame children"),
    "form-action": __("Form destinations allowed"),
    "frame-ancestors": __("Frame ancestors allowed"),
    "font-src": __("Load Fonts from"),
    "img-src": __("Load Images from"),
    "media-src": __("Load HTML5 Audio/Video from"),
    "object-src": __("Load Objects from"),
    "script-src": __("Load JavaScript from"),
    "style-src": __("Load CSS from"),
    "plugin-types": __("MIME Types for Browser Plugins")
} %}
<div class="table full-width table-pad-1">
{% if inherit_box %}
    <div class="table-min-width table-pad-right text-right table-cell">
        {{ __("Cabin-Specific Option") }}:
    </div>
    <div class="table-cell">
        <div class="multiline_checkbox_container">
            <div class="multiline_checkbox">
                <input
                    id="csp_inherit_box"
                    type="checkbox"
                    name="content_security_policy[inherit]"
                    value="1"
                    {% if csp['inherit'] %}
                        checked="checked"
                    {% endif %}
                />
                <label for="csp_inherit_box">
                    {{ __("Include, and extend, the Universal CSP Rules?") }}
                </label>
            </div>
        </div>
    </div>
{% endif %}
{% for key, label in form_labels %}
    {% if key == "plugin-types" %}
        {% set ph = "application/javascript" %}
        {% set btn = __("Add Type") %}
    {% else %}
        {% set ph = "example.com" %}
        {% set btn = __("Add Source") %}
    {% endif %}
    <div class="table-row">
        <div class="table-min-width table-pad-right text-right table-cell">
            {{ label }}:
        </div>
        <div class="table-cell">
            <fieldset>
                <legend>
                    <input
                        class="csp_disable_all"
                        id="csp_{{ key|e('html_attr') }}_disable_security"
                        data-key="{{ key|e('html_attr') }}"
                        type="checkbox"
                        name="content_security_policy[{{ key|e('html_attr') }}][disable-security]"
                        value="1"
                        {% if '*' in csp[key]['allow'] %}
                            checked="checked"
                        {% endif %}
                    />
                    <label for="csp_{{ key|e('html_attr') }}_disable_security">
                        {{ __("Disable all security for this directive?") }}
                    </label>
                </legend>
                <div id="csp_{{ key|e('html_attr') }}_inner">
                    <ol id="csp_{{ key|e('html_attr') }}_whitelist">
                    {% for url in csp[key]['allow'] %}{% if url != '*' %}
                        <li><input
                            class="full-width"
                            type="text"
                            placeholder="{{ ph|e('html_attr') }}"
                            name="content_security_policy[{{ key|e('html_attr') }}][allow][]"
                            value="{{ url|e('html_attr') }}"
                        /></li>
                    {% endif %}{% endfor %}
                    </ol>
                    <button
                        type="button"
                        data-key="{{ key|e('html_attr') }}"
                        id="csp_{{ key|e('html_attr') }}_add"
                        class="pure-button pure-button-tertiary csp_add_btn"
                    >
                        <i class="fa fa-plus-circle"></i>{#
                        #}{% if key == 'plugin-types' %}{#
                            #}{{ btn }}{#
                        #}{% else %}{#
                            #}{{ btn }}{#
                        #}{% endif %}
                    </button>

                    {# BEGIN EXCEPTIONS: #}
                    {% if key != 'plugin-types' %}
                        <hr />
                        {% if key in ['script-src', 'style-src'] %}
                        <input
                            id="csp_{{ key|e('html_attr') }}_unsafe_inline"
                            type="checkbox"
                            name="content_security_policy[{{ key|e('html_attr') }}][unsafe-inline]"
                            value="1"
                            {% if csp[key]['unsafe-inline'] %}
                                checked="checked"
                            {% endif %}
                        />
                        <label for="csp_{{ key|e('html_attr') }}_unsafe_inline">
                            {{ __("Allow unsafe inline?") }}
                        </label><br />
                        {% if key == 'script-src' %}
                            <input
                                id="csp_{{ key|e('html_attr') }}_unsafe_eval"
                                type="checkbox"
                                name="content_security_policy[{{ key|e('html_attr') }}][unsafe-eval]"
                                value="1"
                                {% if csp[key]['unsafe-eval'] %}
                                    checked="checked"
                                {% endif %}
                            />
                            <label for="csp_{{ key|e('html_attr') }}_unsafe_eval">
                                {{ __("Allow eval()?") }}
                            </label><br />
                        {% endif %}
                    {% endif %}
                    <input
                        id="csp_{{ key|e('html_attr') }}_self"
                        type="checkbox"
                        name="content_security_policy[{{ key|e('html_attr') }}][self]"
                        value="1"
                        {% if csp[key]['self'] %}
                            checked="checked"
                        {% endif %}
                    />
                    <label for="csp_{{ key|e('html_attr') }}_self">
                        {{ __("Allow self-references?") }}
                    </label><br />
                    {% if key[-4:] == '-src' %}
                        <input
                            id="csp_{{ key|e('html_attr') }}_data"
                            type="checkbox"
                            name="content_security_policy[{{ key|e('html_attr') }}][data]"
                            value="1"
                            {% if csp[key]['data'] %}
                                checked="checked"
                            {% endif %}
                        />
                        <label for="csp_{{ key|e('html_attr') }}_data">
                            {{ __("Allow data URIs?") }}
                        </label>
                    {% endif %}
                {% endif %}
                </div>
            </fieldset>
        </div>
    </div>
{% endfor %}
</div>