This repository has been archived by the owner on Feb 5, 2019. It is now read-only.
/
FrameOptionsMiddleware.php
131 lines (112 loc) · 3.37 KB
/
FrameOptionsMiddleware.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<?php
//
// +---------------------------------------------------------------------+
// | CODE INC. SOURCE CODE |
// +---------------------------------------------------------------------+
// | Copyright (c) 2017 - Code Inc. SAS - All Rights Reserved. |
// | Visit https://www.codeinc.fr for more information about licensing. |
// +---------------------------------------------------------------------+
// | NOTICE: All information contained herein is, and remains the |
// | property of Code Inc. SAS. The intellectual and technical concepts |
// | contained herein are proprietary to Code Inc. SAS are protected by |
// | trade secret or copyright law. Dissemination of this information or |
// | reproduction of this material is strictly forbidden unless prior |
// | written permission is obtained from Code Inc. SAS. |
// +---------------------------------------------------------------------+
//
// Author: Joan Fabrégat <joan@codeinc.fr>
// Date: 07/03/2018
// Time: 01:47
// Project: SecurityMiddleware
//
declare(strict_types = 1);
namespace CodeInc\SecurityMiddleware;
use CodeInc\SecurityMiddleware\Tests\FrameOptionsMiddlewareTest;
/**
* Class FrameOptionsMiddleware
*
* @see FrameOptionsMiddlewareTest
* @package CodeInc\SecurityMiddleware
* @author Joan Fabrégat <joan@codeinc.fr>
* @link https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options
* @license MIT <https://github.com/CodeIncHQ/SecurityMiddleware/blob/master/LICENSE>
* @link https://github.com/CodeIncHQ/SecurityMiddleware
*/
class FrameOptionsMiddleware extends AbstractHttpHeaderMiddleware
{
public const VALUE_DENY = 'DENY';
public const VALUE_SAMEORIGIN = 'SAMEORIGIN';
public const VALUE_ALLOW_FROM= 'ALLOW-FROM %s';
/**
* @var string
*/
private $value;
/**
* FrameOptionsMiddleware constructor.
*
* @param string $value
*/
public function __construct(string $value)
{
parent::__construct('X-Frame-Options');
$this->value = $value;
}
/**
* @return string
*/
public function getValue():string
{
return $this->value;
}
/**
* @param string $value
*/
public function setValue(string $value):void
{
$this->value = $value;
}
/**
* Deny frames.
*
* @return self
*/
public static function denyFrames():self
{
return new self(self::VALUE_DENY);
}
/**
* Allow frames from the same origin.
*
* @return self
*/
public static function allowFromSameOrigin():self
{
return new self(self::VALUE_SAMEORIGIN);
}
/**
* Allow frame from a given URL.
*
* @param string $allowFromUrl
* @return self
* @throws MiddlewareException
*/
public static function allowFrom(string $allowFromUrl):self
{
$middleware = new self(sprintf(self::VALUE_ALLOW_FROM, $allowFromUrl));
if (!filter_var($allowFromUrl, FILTER_VALIDATE_URL)) {
throw new MiddlewareException(
$middleware,
sprintf("'%s' is not a valid URL", $allowFromUrl)
);
}
return $middleware;
}
/**
* @inheritdoc
* @return string
*/
public function getHeaderValue():string
{
return $this->value;
}
}