From 4b12bd559a5ec0acc18643da03fdbfdf6f7697c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Barto=C5=A1?= Date: Sat, 6 Jul 2019 16:20:54 +0200 Subject: [PATCH] Move response configuration from initialize method to response service --- src/Bridges/HttpDI/HttpExtension.php | 19 ++++++++----------- tests/Http.DI/HttpExtension.csp.phpt | 4 ++-- .../Http.DI/HttpExtension.defaultHeaders.phpt | 2 +- .../Http.DI/HttpExtension.featurePolicy.phpt | 4 ++-- tests/Http.DI/HttpExtension.headers.phpt | 4 ++-- .../HttpExtension.sameSiteProtection.phpt | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/src/Bridges/HttpDI/HttpExtension.php b/src/Bridges/HttpDI/HttpExtension.php index e4dc69a9..fa1c1718 100644 --- a/src/Bridges/HttpDI/HttpExtension.php +++ b/src/Bridges/HttpDI/HttpExtension.php @@ -10,7 +10,6 @@ namespace Nette\Bridges\HttpDI; use Nette; -use Nette\PhpGenerator\Helpers; use Nette\Schema\Expect; @@ -76,13 +75,13 @@ public function loadConfiguration() } - public function afterCompile(Nette\PhpGenerator\ClassType $class) + public function beforeCompile() { if ($this->cliMode) { return; } - $initialize = $class->getMethod('initialize'); + $builder = $this->getContainerBuilder(); $config = $this->config; $headers = array_map('strval', $config->headers); @@ -96,16 +95,14 @@ public function afterCompile(Nette\PhpGenerator\ClassType $class) $headers['X-Frame-Options'] = $frames; } - $code = []; foreach (['csp', 'cspReportOnly'] as $key) { if (empty($config->$key)) { continue; } $value = self::buildPolicy($config->$key); if (strpos($value, "'nonce'")) { - $code[0] = '$cspNonce = base64_encode(random_bytes(16));'; $value = Nette\DI\ContainerBuilder::literal( - 'str_replace(?, ? . $cspNonce, ?)', + 'str_replace(?, ? . (isset($cspNonce) \? $cspNonce : $cspNonce = base64_encode(random_bytes(16))), ?)', ["'nonce", "'nonce-", $value] ); } @@ -116,16 +113,16 @@ public function afterCompile(Nette\PhpGenerator\ClassType $class) $headers['Feature-Policy'] = self::buildPolicy($config->featurePolicy); } - $code[] = Helpers::formatArgs('$response = $this->getService(?);', [$this->prefix('response')]); + $response = $builder->getDefinition($this->prefix('response')); + assert($response instanceof Nette\DI\Definitions\ServiceDefinition); + foreach ($headers as $key => $value) { if ($value !== '') { - $code[] = Helpers::formatArgs('$response->setHeader(?, ?);', [$key, $value]); + $response->addSetup('?->setHeader(?, ?);', ['@self', $key, $value]); } } - $code[] = Helpers::formatArgs('$response->setCookie(...?);', [['nette-samesite', '1', 0, '/', null, null, true, 'Strict']]); - - $initialize->addBody("(function () {\n\t" . implode("\n\t", $code) . "\n})();"); + $response->addSetup('?->setCookie(...?)', ['@self', ['nette-samesite', '1', 0, '/', null, null, true, 'Strict']]); } diff --git a/tests/Http.DI/HttpExtension.csp.phpt b/tests/Http.DI/HttpExtension.csp.phpt index ecf0abf6..906c903b 100644 --- a/tests/Http.DI/HttpExtension.csp.phpt +++ b/tests/Http.DI/HttpExtension.csp.phpt @@ -45,7 +45,7 @@ EOD eval($compiler->addConfig($config)->compile()); $container = new Container; -$container->initialize(); +$container->getService('http.response'); $headers = headers_list(); @@ -59,5 +59,5 @@ echo ' '; @ob_flush(); flush(); Assert::true(headers_sent()); Assert::exception(function () use ($container) { - $container->initialize(); + $container->createService('http.response'); }, Nette\InvalidStateException::class, 'Cannot send header after %a%'); diff --git a/tests/Http.DI/HttpExtension.defaultHeaders.phpt b/tests/Http.DI/HttpExtension.defaultHeaders.phpt index 3e70b35d..d41db94a 100644 --- a/tests/Http.DI/HttpExtension.defaultHeaders.phpt +++ b/tests/Http.DI/HttpExtension.defaultHeaders.phpt @@ -23,7 +23,7 @@ $compiler->addExtension('http', new HttpExtension); eval($compiler->compile()); $container = new Container; -$container->initialize(); +$container->getService('http.response'); $headers = headers_list(); Assert::contains('X-Frame-Options: SAMEORIGIN', $headers); diff --git a/tests/Http.DI/HttpExtension.featurePolicy.phpt b/tests/Http.DI/HttpExtension.featurePolicy.phpt index 9a792053..795aac47 100644 --- a/tests/Http.DI/HttpExtension.featurePolicy.phpt +++ b/tests/Http.DI/HttpExtension.featurePolicy.phpt @@ -35,7 +35,7 @@ EOD eval($compiler->addConfig($config)->compile()); $container = new Container; -$container->initialize(); +$container->getService('http.response'); $headers = headers_list(); var_dump($headers); @@ -48,5 +48,5 @@ echo ' '; @ob_flush(); flush(); Assert::true(headers_sent()); Assert::exception(function () use ($container) { - $container->initialize(); + $container->createService('http.response'); }, Nette\InvalidStateException::class, 'Cannot send header after %a%'); diff --git a/tests/Http.DI/HttpExtension.headers.phpt b/tests/Http.DI/HttpExtension.headers.phpt index cac2a1ce..43f8308f 100644 --- a/tests/Http.DI/HttpExtension.headers.phpt +++ b/tests/Http.DI/HttpExtension.headers.phpt @@ -33,7 +33,7 @@ EOD eval($compiler->addConfig($config)->compile()); $container = new Container; -$container->initialize(); +$container->getService('http.response'); $headers = headers_list(); Assert::contains('X-Frame-Options: SAMEORIGIN', $headers); @@ -49,5 +49,5 @@ echo ' '; @ob_flush(); flush(); Assert::true(headers_sent()); Assert::exception(function () use ($container) { - $container->initialize(); + $container->createService('http.response'); }, Nette\InvalidStateException::class, 'Cannot send header after %a%'); diff --git a/tests/Http.DI/HttpExtension.sameSiteProtection.phpt b/tests/Http.DI/HttpExtension.sameSiteProtection.phpt index a9d3dbb3..2ec06d30 100644 --- a/tests/Http.DI/HttpExtension.sameSiteProtection.phpt +++ b/tests/Http.DI/HttpExtension.sameSiteProtection.phpt @@ -21,7 +21,7 @@ $compiler->addExtension('http', new HttpExtension); eval($compiler->compile()); $container = new Container; -$container->initialize(); +$container->getService('http.response'); $headers = headers_list(); Assert::contains(