diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a474229d00c1f..4051d1c5bc5bb 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -45,8 +45,6 @@ RoboFile.php @rdeutz @hackwar # CSP Tooling plugins/system/httpheaders/* @zero-24 -administrator/components/com_csp/* @zero-24 -components/com_csp/* @zero-24 # Web Authentication (WebAuthn) plugins/system/webauthn/* @nikosdion diff --git a/administrator/components/com_admin/script.php b/administrator/components/com_admin/script.php index ed1e93c4f64e4..531e3ca0263e1 100644 --- a/administrator/components/com_admin/script.php +++ b/administrator/components/com_admin/script.php 
@@ -5248,14 +5248,31 @@ public function deleteUnexistingFiles($dryRun = false, $suppressOutput = false)
 '/administrator/components/com_admin/src/Controller/ProfileController.php',
 '/administrator/components/com_admin/src/Model/ProfileModel.php',
 '/administrator/components/com_admin/src/View/Profile/HtmlView.php',
+ '/administrator/components/com_csp/access.xml',
+ '/administrator/components/com_csp/config.xml',
+ '/administrator/components/com_csp/csp.xml',
+ '/administrator/components/com_csp/forms/filter_reports.xml',
+ '/administrator/components/com_csp/services/provider.php',
+ '/administrator/components/com_csp/src/Controller/DisplayController.php',
+ '/administrator/components/com_csp/src/Controller/ReportsController.php',
+ '/administrator/components/com_csp/src/Helper/ReporterHelper.php',
+ '/administrator/components/com_csp/src/Model/ReportModel.php',
+ '/administrator/components/com_csp/src/Model/ReportsModel.php',
+ '/administrator/components/com_csp/src/Table/ReportTable.php',
+ '/administrator/components/com_csp/src/View/Reports/HtmlView.php',
+ '/administrator/components/com_csp/tmpl/reports/default.php',
+ '/administrator/components/com_csp/tmpl/reports/default.xml',
 '/administrator/components/com_admin/tmpl/profile/edit.php',
 '/administrator/components/com_config/tmpl/application/default_ftp.php',
 '/administrator/components/com_config/tmpl/application/default_ftplogin.php',
 '/administrator/components/com_fields/src/Field/SubfieldstypeField.php',
 '/administrator/components/com_installer/tmpl/installer/default_ftp.php',
+ '/administrator/language/en-GB/com_csp.ini',
+ '/administrator/language/en-GB/com_csp.sys.ini',
 '/administrator/language/en-GB/plg_fields_subfields.ini',
 '/administrator/language/en-GB/plg_fields_subfields.sys.ini',
 '/administrator/templates/atum/Service/HTML/Atum.php',
+ '/components/com_csp/src/Controller/ReportController.php',
 '/components/com_menus/src/Controller/DisplayController.php',
'/libraries/vendor/beberlei/assert/phpstan-code.neon',
 '/libraries/vendor/beberlei/assert/phpstan-tests.neon',
@@ -6905,8 +6922,23 @@ public function deleteUnexistingFiles($dryRun = false, $suppressOutput = false)
 '/libraries/vendor/ozdemirburak/iris',
 '/libraries/vendor/ozdemirburak',
 '/components/com_menus/src/Controller',
+ '/components/com_csp/src/Controller',
+ '/components/com_csp/src',
+ '/components/com_csp',
 '/administrator/templates/atum/Service/HTML',
 '/administrator/templates/atum/Service',
+ '/administrator/components/com_csp/tmpl/reports',
+ '/administrator/components/com_csp/tmpl',
+ '/administrator/components/com_csp/src/View/Reports',
+ '/administrator/components/com_csp/src/View',
+ '/administrator/components/com_csp/src/Table',
+ '/administrator/components/com_csp/src/Model',
+ '/administrator/components/com_csp/src/Helper',
+ '/administrator/components/com_csp/src/Controller',
+ '/administrator/components/com_csp/src',
+ '/administrator/components/com_csp/services',
+ '/administrator/components/com_csp/forms',
+ '/administrator/components/com_csp',
 '/administrator/components/com_admin/tmpl/profile',
 '/administrator/components/com_admin/src/View/Profile',
 '/administrator/components/com_admin/forms',
@@ -6983,7 +7015,7 @@ public function updateAssets($installer)
 {
 // List all components added since 4.0
 $newComponents = array(
- 'com_csp',
+ // Components to be added here
 );
 foreach ($newComponents as $component)
diff --git a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2018-06-03.sql b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2018-06-03.sql
index a25eb4c8be0fb..65a7046e3392c 100644
--- a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2018-06-03.sql
+++ b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2018-06-03.sql
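Review bot: The file list in the first hunk omits `/administrator/components/com_csp/tmpl/reports/emptystate.php`, even though this commit deletes that file further down (`emptystate.php`, deleted file), so on an updated site that template survives in place. The folder list in the second hunk then names `/administrator/components/com_csp/tmpl/reports` and its parents; if `deleteUnexistingFiles()` only removes folders that are already empty — its body starts before and continues after these hunks — those directories will presumably be left behind as well. Add `'/administrator/components/com_csp/tmpl/reports/emptystate.php',` next to the other `tmpl/reports` entries. Whether the site-side `components/com_csp` tree held anything beyond `ReportController.php` is not visible here, so the `components/com_csp` entries are worth checking against the deleted tree too.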
@@ -1,18 +1 @@
---
--- Table structure for table `#__csp`
---
-
-CREATE TABLE IF NOT EXISTS `#__csp` (
- `id` int NOT NULL AUTO_INCREMENT,
- `document_uri` varchar(500) NOT NULL DEFAULT '',
- `blocked_uri` varchar(500) NOT NULL DEFAULT '',
- `directive` varchar(500) NOT NULL DEFAULT '',
- `client` varchar(500) NOT NULL DEFAULT '',
- `created` datetime NOT NULL,
- `modified` datetime NOT NULL,
- `published` tinyint NOT NULL DEFAULT 0,
- PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci;
-
-INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`, `client_id`, `enabled`, `access`, `protected`, `manifest_cache`, `params`, `custom_data`, `checked_out`, `checked_out_time`, `ordering`, `state`) VALUES
-(0, 'com_csp', 'component', 'com_csp', '', 1, 1, 1, 0, '', '{}', '', 0, '0000-00-00 00:00:00', 0, 0);
+-- This has been removed as com_csp has been removed from the final build
diff --git a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-16.sql b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-16.sql
index 2899b721b7700..65a7046e3392c 100644
--- a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-16.sql
+++ b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-16.sql
@@ -1 +1 @@
-DELETE FROM `#__menu` WHERE `link` = 'index.php?option=com_csp' AND `menutype` = 'main';
+-- This has been removed as com_csp has been removed from the final build
diff --git a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2020-03-25.sql b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2020-03-25.sql
index 50649a1ec8452..5f72531aef0a6 100644
--- a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2020-03-25.sql
+++ b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2020-03-25.sql
@@ -39,7 +39,6 @@ WHERE (`type` = 'component' AND `element` IN (
 'com_privacy',
 'com_actionlogs',
 'com_workflow',
- 'com_csp',
 'com_mails'
 )) OR (`type` = 'module' AND `client_id` = 0 AND `element` IN (
diff --git a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2021-05-04.sql b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2021-05-04.sql
new file mode 100644
index 0000000000000..5c0fa009f5215
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2021-05-04.sql
@@ -0,0 +1,2 @@
+DELETE FROM `#__extensions` WHERE `name` = 'com_csp' and `type` = 'component' and `element` = 'com_csp';
+DROP TABLE `#__csp`;
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2018-06-03.sql b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2018-06-03.sql
index aa8383b195e60..65a7046e3392c 100644
--- a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2018-06-03.sql
+++ b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2018-06-03.sql
@@ -1,18 +1 @@
---
--- Table structure for table `#__csp`
---
-
-CREATE TABLE IF NOT EXISTS "#__csp" (
- "id" serial NOT NULL,
- "document_uri" varchar(500) NOT NULL DEFAULT '',
- "blocked_uri" varchar(500) NOT NULL DEFAULT '',
- "directive" varchar(500) NOT NULL DEFAULT '',
- "client" varchar(500) NOT NULL DEFAULT '',
- "created" timestamp without time zone NOT NULL,
- "modified" timestamp without time zone NOT NULL,
- "published" smallint DEFAULT 0 NOT NULL,
- PRIMARY KEY ("id")
-);
-
-INSERT INTO "#__extensions" ("package_id", "name", "type", "element", "folder", "client_id", "enabled", "access", "protected", "manifest_cache", "params", "custom_data", "checked_out", "checked_out_time", "ordering", "state") VALUES
-(0, 'com_csp', 'component', 'com_csp', '', 1, 1, 1, 0, '', '{}', '', 0, '1970-01-01 00:00:00', 0, 0);
+-- This has been removed as com_csp has been removed from the final build
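Review bot: `DROP TABLE `#__csp`;` in the new `mysql/4.0.0-2021-05-04.sql` has no `IF EXISTS`, and this same commit replaces the `4.0.0-2018-06-03.sql` script that created the table with a comment, so a site updating from 3.x runs the full 4.0.0 update set without ever creating `#__csp` and the update fails on this statement; the postgresql copy of the file has the same problem. Change it to `DROP TABLE IF EXISTS `#__csp`;`. The `DELETE FROM `#__extensions`` line removes only the extension row; a component registration presumably also created a `com_csp` row in `#__assets`, and the admin menu cleanup that `4.0.0-2019-07-16.sql` used to do is now a comment, so confirm nothing else is left orphaned on sites that did install the component.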
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-16.sql b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-16.sql
index 2259b9e932770..65a7046e3392c 100644
--- a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-16.sql
+++ b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-16.sql
@@ -1 +1 @@
-DELETE FROM "#__menu" WHERE "link" = 'index.php?option=com_csp' AND "menutype" = 'main';
+-- This has been removed as com_csp has been removed from the final build
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2020-03-25.sql b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2020-03-25.sql
index 3586f07edac94..0d45c2156d656 100644
--- a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2020-03-25.sql
+++ b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2020-03-25.sql
@@ -41,7 +41,6 @@ WHERE ("type" = 'component' AND "element" IN (
 'com_privacy',
 'com_actionlogs',
 'com_workflow',
- 'com_csp',
 'com_mails'
 )) OR ("type" = 'module' AND "client_id" = 0 AND "element" IN (
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2021-05-04.sql b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2021-05-04.sql
new file mode 100644
index 0000000000000..5c0fa009f5215
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2021-05-04.sql
@@ -0,0 +1,2 @@
+DELETE FROM `#__extensions` WHERE `name` = 'com_csp' and `type` = 'component' and `element` = 'com_csp';
+DROP TABLE `#__csp`;
diff --git a/administrator/components/com_csp/access.xml b/administrator/components/com_csp/access.xml
deleted file mode 100644
index 5582ccc729ee1..0000000000000
--- a/administrator/components/com_csp/access.xml
+++ /dev/null
@@ -1,12 +0,0 @@ - -
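Review bot: The new `postgresql/4.0.0-2021-05-04.sql` quotes identifiers with backticks (`DELETE FROM `#__extensions` …`, `DROP TABLE `#__csp`;`), which PostgreSQL does not accept as identifier quoting unless the driver rewrites them; every other postgresql script in this commit uses double quotes, compare the removed `DELETE FROM "#__menu"` line above. The `index` line shows the same blob id `5c0fa009f5215` as the mysql file, so it was copied verbatim rather than adapted. It should read `DELETE FROM "#__extensions" WHERE "name" = 'com_csp' AND "type" = 'component' AND "element" = 'com_csp';` and `DROP TABLE IF EXISTS "#__csp";`, the `IF EXISTS` covering 3.x-to-4.0 updates where the (now neutralised) `4.0.0-2018-06-03.sql` never created the table.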
- - - - - - - -
-
diff --git a/administrator/components/com_csp/config.xml b/administrator/components/com_csp/config.xml deleted file mode 100644 index b49f60aafb6d0..0000000000000 --- a/administrator/components/com_csp/config.xml +++ /dev/null @@ -1,191 +0,0 @@ - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
- - -
-
diff --git a/administrator/components/com_csp/csp.xml b/administrator/components/com_csp/csp.xml deleted file mode 100644 index 7771f2f5ecedf..0000000000000 --- a/administrator/components/com_csp/csp.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - com_csp - Joomla! Project - May 2018 - (C) 2018 Open Source Matters, Inc. - GNU General Public License version 2 or later; see LICENSE.txt - admin@joomla.org - www.joomla.org - 4.0.0 - COM_CSP_XML_DESCRIPTION - Joomla\Component\Csp - - src - - - com_csp - - access.xml - config.xml - csp.xml - forms - services - src - tmpl - - - language/en-GB/com_csp.ini - language/en-GB/com_csp.sys.ini - - - diff --git a/administrator/components/com_csp/forms/filter_reports.xml b/administrator/components/com_csp/forms/filter_reports.xml deleted file mode 100644 index 72d1722e0e194..0000000000000 --- a/administrator/components/com_csp/forms/filter_reports.xml +++ /dev/null @@ -1,86 +0,0 @@ - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/administrator/components/com_csp/services/provider.php b/administrator/components/com_csp/services/provider.php deleted file mode 100644 index 96b65a9d4940b..0000000000000 --- a/administrator/components/com_csp/services/provider.php +++ /dev/null @@ -1,52 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -defined('_JEXEC') or die; - -use Joomla\CMS\Dispatcher\ComponentDispatcherFactoryInterface; -use Joomla\CMS\Extension\ComponentInterface; -use Joomla\CMS\Extension\MVCComponent; -use Joomla\CMS\Extension\Service\Provider\ComponentDispatcherFactory; -use Joomla\CMS\Extension\Service\Provider\MVCFactory; -use Joomla\CMS\MVC\Factory\MVCFactoryInterface; -use Joomla\DI\Container; -use Joomla\DI\ServiceProviderInterface; - -/** - * The com_csp service provider. - * - * @since 4.0.0 - */ -return new class implements ServiceProviderInterface -{ - /** - * Registers the service provider with a DI container. - * - * @param Container $container The DI container. - * - * @return void - * - * @since 4.0.0 - */ - public function register(Container $container) - { - $container->registerServiceProvider(new MVCFactory('\\Joomla\\Component\\Csp')); - $container->registerServiceProvider(new ComponentDispatcherFactory('\\Joomla\\Component\\Csp')); - $container->set( - ComponentInterface::class, - function (Container $container) - { - $component = new MVCComponent($container->get(ComponentDispatcherFactoryInterface::class)); - $component->setMVCFactory($container->get(MVCFactoryInterface::class)); - - return $component; - } - ); - } -}; diff --git a/administrator/components/com_csp/src/Controller/DisplayController.php b/administrator/components/com_csp/src/Controller/DisplayController.php deleted file mode 100644 index 67648620437ac..0000000000000 --- a/administrator/components/com_csp/src/Controller/DisplayController.php +++ /dev/null 
@@ -1,63 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Controller; - -\defined('_JEXEC') or die; - -use Joomla\CMS\HTML\HTMLHelper; -use Joomla\CMS\Language\Text; -use Joomla\CMS\MVC\Controller\BaseController; -use Joomla\CMS\Plugin\PluginHelper; -use Joomla\Component\Csp\Administrator\Helper\ReporterHelper; - -/** - * Csp display controller. - * - * @since 4.0.0 - */ -class DisplayController extends BaseController -{ - /** - * The default view. - * - * @var string - * @since 4.0.0 - */ - protected $default_view = 'reports'; - - /** - * Method to display a view. - * - * @param boolean $cachable If true, the view output will be cached. - * @param mixed $urlparams An array of safe URL parameters and their variable types, for valid values see {@link \JFilterInput::clean()}. - * - * @return static This object to support chaining. - * - * @since 4.0.0 - */ - public function display($cachable = false, $urlparams = false) - { - // Show messages about the plugin when it is disabled - if (!PluginHelper::isEnabled('system', 'httpheaders')) - { - $httpHeadersId = ReporterHelper::getHttpHeadersPluginId(); - $link = HTMLHelper::_( - 'link', - '#plugin' . $httpHeadersId . 'Modal', - Text::_('COM_CSP_SYSTEM_PLUGIN'), - 'class="alert-link" data-bs-toggle="modal" id="title-' . $httpHeadersId . '"' - ); - - $this->app->enqueueMessage(Text::sprintf('COM_CSP_PLUGIN_MODAL_DISABLED', $link), 'error'); - } - - return parent::display(); - } -} diff --git a/administrator/components/com_csp/src/Controller/ReportsController.php b/administrator/components/com_csp/src/Controller/ReportsController.php deleted file mode 100644 index d293e1ec6eba9..0000000000000 --- a/administrator/components/com_csp/src/Controller/ReportsController.php +++ /dev/null 
@@ -1,38 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Controller; - -\defined('_JEXEC') or die; - -use Joomla\CMS\MVC\Controller\AdminController; - -/** - * Reports list controller class. - * - * @since 4.0.0 - */ -class ReportsController extends AdminController -{ - /** - * Proxy for getModel - * - * @param string $name The model name. Optional. - * @param string $prefix The class prefix. Optional. - * @param array $config The array of possible config values. Optional. - * - * @return \Joomla\CMS\MVC\Model\BaseDatabaseModel The model. - * - * @since 4.0.0 - */ - public function getModel($name = 'Report', $prefix = 'Administrator', $config = array('ignore_request' => true)) - { - return parent::getModel($name, $prefix, $config); - } -} diff --git a/administrator/components/com_csp/src/Helper/ReporterHelper.php b/administrator/components/com_csp/src/Helper/ReporterHelper.php deleted file mode 100644 index 5cb9c95a06761..0000000000000 --- a/administrator/components/com_csp/src/Helper/ReporterHelper.php +++ /dev/null 
@@ -1,145 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Helper; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Factory; - -/** - * Reporter component helper. - * - * @since 4.0.0 - */ -class ReporterHelper -{ - /** - * Gets the httpheaders system plugin extension id. - * - * @return mixed The httpheaders system plugin extension id or false in case of an error. - * - * @since 4.0.0 - */ - public static function getHttpHeadersPluginId() - { - $db = Factory::getDbo(); - $query = $db->getQuery(true) - ->select($db->quoteName('extension_id')) - ->from($db->quoteName('#__extensions')) - ->where($db->quoteName('folder') . ' = ' . $db->quote('system')) - ->where($db->quoteName('element') . ' = ' . $db->quote('httpheaders')); - $db->setQuery($query); - - try - { - $result = (int) $db->loadResult(); - } - catch (\RuntimeException $e) - { - Factory::getApplication()->enqueueMessage($e->getMessage(), 'error'); - - return false; - } - - return $result; - } - - /** - * Check the com_csp trash to show a warning in this case - * - * @return boolean The status of the trash; Do items exists in the trash - * - * @since 4.0.0 - */ - public static function getCspTrashStatus() - { - $db = Factory::getDbo(); - $query = $db->getQuery(true) - ->select('COUNT(*)') - ->from($db->quoteName('#__csp')) - ->where($db->quoteName('published') . ' = ' . 
$db->quote('-2')); - $db->setQuery($query); - - try - { - $result = (int) $db->loadResult(); - } - catch (\RuntimeException $e) - { - Factory::getApplication()->enqueueMessage($e->getMessage(), 'error'); - - return false; - } - - return boolval($result); - } - - /** - * Check whether there are unsafe-inline rules published - * - * @return boolean Whether there are unsafe-inline rules published - * - * @since 4.0.0 - */ - public static function getCspUnsafeInlineStatus() - { - $db = Factory::getDbo(); - $query = $db->getQuery(true) - ->select('COUNT(*)') - ->from($db->quoteName('#__csp')) - ->where($db->quoteName('blocked_uri') . ' = ' . $db->quote("'unsafe-inline'")) - ->where($db->quoteName('published') . ' = 1'); - $db->setQuery($query); - - try - { - $result = (int) $db->loadResult(); - } - catch (\RuntimeException $e) - { - Factory::getApplication()->enqueueMessage($e->getMessage(), 'error'); - - return false; - } - - return boolval($result); - } - - /** - * Check whether there are unsafe-eval rules published - * - * @return boolean Whether there are unsafe-eval rules published - * - * @since 4.0.0 - */ - public static function getCspUnsafeEvalStatus() - { - $db = Factory::getDbo(); - $query = $db->getQuery(true) - ->select('COUNT(*)') - ->from($db->quoteName('#__csp')) - ->where($db->quoteName('blocked_uri') . ' = ' . $db->quote("'unsafe-eval'")) - ->where($db->quoteName('published') . ' = 1'); - $db->setQuery($query); - - try - { - $result = (int) $db->loadResult(); - } - catch (\RuntimeException $e) - { - Factory::getApplication()->enqueueMessage($e->getMessage(), 'error'); - - return false; - } - - return boolval($result); - } -} diff --git a/administrator/components/com_csp/src/Model/ReportModel.php b/administrator/components/com_csp/src/Model/ReportModel.php deleted file mode 100644 index 8bde470c00f0d..0000000000000 --- a/administrator/components/com_csp/src/Model/ReportModel.php +++ /dev/null 
@@ -1,45 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Model; - -\defined('_JEXEC') or die; - -use Joomla\CMS\MVC\Model\AdminModel; - -/** - * Report Model - * - * @since 4.0.0 - */ -class ReportModel extends AdminModel -{ - /** - * The prefix to use with controller messages. - * - * @var string - * @since 4.0.0 - */ - protected $text_prefix = 'COM_CSP'; - - /** - * Method to get the row form. - * - * @param array $data Data for the form. - * @param boolean $loadData True if the form is to load its own data (default case), false if not. - * - * @return \JForm|boolean A JForm object on success, false on failure - * - * @since 4.0.0 - */ - public function getForm($data = array(), $loadData = true) - { - return false; - } -} diff --git a/administrator/components/com_csp/src/Model/ReportsModel.php b/administrator/components/com_csp/src/Model/ReportsModel.php deleted file mode 100644 index 7dcc7d26efcef..0000000000000 --- a/administrator/components/com_csp/src/Model/ReportsModel.php +++ /dev/null 
@@ -1,174 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Model; - -\defined('_JEXEC') or die; - -use Joomla\CMS\MVC\Factory\MVCFactoryInterface; -use Joomla\CMS\MVC\Model\ListModel; -use Joomla\Database\ParameterType; - -/** - * CSP Component Reports Model - * - * @since 4.0.0 - */ -class ReportsModel extends ListModel -{ - /** - * Constructor - * - * @param array $config An array of configuration options (name, state, dbo, table_path, ignore_request). - * @param MVCFactoryInterface $factory The factory. - * - * @since 4.0.0 - * @throws \Exception - */ - public function __construct($config = array(), MVCFactoryInterface $factory = null) - { - if (empty($config['filter_fields'])) - { - $config['filter_fields'] = array( - 'id', 'a.id', - 'document_uri', 'a.document_uri', - 'blocked_uri', 'a.blocked_uri', - 'directive', 'a.directive', - 'client', 'a.client', - 'published', 'a.published', - 'created', 'a.created', - ); - } - - parent::__construct($config, $factory); - } - - /** - * Method to auto-populate the model state. - * - * Note. Calling getState in this method will result in recursion. - * - * @param string $ordering An optional ordering field. - * @param string $direction An optional direction (asc|desc). - * - * @return void - * - * @since 4.0.0 - */ - protected function populateState($ordering = 'a.id', $direction = 'asc') - { - // List state information. - parent::populateState($ordering, $direction); - } - - /** - * Method to get a store id based on model configuration state. - * - * This is necessary because the model is used by the component and - * different modules that might need different sets of data or different - * ordering requirements. - * - * @param string $id A prefix for the store id. - * - * @return string A store id. - * - * @since 4.0.0 - */ - protected function getStoreId($id = '') - { - // Compile the store id. - $id .= ':' . 
$this->getState('filter.search'); - $id .= ':' . $this->getState('filter.published'); - - return parent::getStoreId($id); - } - - /** - * Method to create a query for a list of items. - * - * @return string - * - * @since 4.0.0 - */ - protected function getListQuery() - { - $db = $this->getDbo(); - $query = $db->getQuery(true); - - // Select the required fields from the table. - $query - ->select('*') - ->from($db->quoteName('#__csp', 'a')); - - // Filter by client - $client = (string) $this->getState('filter.client'); - - if (!empty($client)) - { - $query->where($db->quoteName('a.client') . ' = :client') - ->bind(':client', $client); - } - - // Filter by published state - $published = (string) $this->getState('filter.published'); - - if (is_numeric($published)) - { - $published = (int) $published; - $query->where($db->quoteName('a.published') . ' = :published') - ->bind(':published', $published, ParameterType::INTEGER); - } - elseif ($published === '') - { - $query->whereIn($db->quoteName('a.published'), [0, 1]); - } - - // Filter by directive - $directive = (string) $this->getState('filter.directive'); - - if (!empty($directive)) - { - $query->where($db->quoteName('a.directive') . ' = :directive') - ->bind(':directive', $directive); - } - - // Filter by search in title - $search = $this->getState('filter.search'); - - if (!empty($search)) - { - if (stripos($search, 'id:') === 0) - { - $ids = (int) substr($search, 3); - $query->where($db->quoteName('a.id') . ' = :id'); - $query->bind(':id', $ids, ParameterType::INTEGER); - } - else - { - $search = '%' . trim($search) . '%'; - $query->where( - '(' . $db->quoteName('a.document_uri') . ' LIKE :documenturi' - . ' OR ' . $db->quoteName('a.blocked_uri') . ' LIKE :blockeduri' - . ' OR ' . $db->quoteName('a.directive') . 
' LIKE :directive)' - ) - ->bind(':documenturi', $search) - ->bind(':blockeduri', $search) - ->bind(':directive', $search); - } - } - - // Add the list ordering clause - $listOrdering = $this->getState('list.ordering', 'a.id'); - $listDirn = $db->escape($this->getState('list.direction', 'ASC')); - - $query->order($db->escape($listOrdering) . ' ' . $listDirn); - - return $query; - } -} diff --git a/administrator/components/com_csp/src/Table/ReportTable.php b/administrator/components/com_csp/src/Table/ReportTable.php deleted file mode 100644 index aa8a806b0ed2d..0000000000000 --- a/administrator/components/com_csp/src/Table/ReportTable.php +++ /dev/null @@ -1,35 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\Table; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Table\Table; -use Joomla\Database\DatabaseInterface; - -/** - * Report table - * - * @since 4.0.0 - */ -class ReportTable extends Table -{ - /** - * Constructor - * - * @param DatabaseInterface $db Database driver object. - * - * @since 4.0.0 - */ - public function __construct(DatabaseInterface $db) - { - parent::__construct('#__csp', 'id', $db); - } -} diff --git a/administrator/components/com_csp/src/View/Reports/HtmlView.php b/administrator/components/com_csp/src/View/Reports/HtmlView.php deleted file mode 100644 index e2e217df15432..0000000000000 --- a/administrator/components/com_csp/src/View/Reports/HtmlView.php +++ /dev/null 
@@ -1,183 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Administrator\View\Reports; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Component\ComponentHelper; -use Joomla\CMS\Helper\ContentHelper; -use Joomla\CMS\Language\Text; -use Joomla\CMS\MVC\View\GenericDataException; -use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView; -use Joomla\CMS\Plugin\PluginHelper; -use Joomla\CMS\Toolbar\ToolbarHelper; -use Joomla\Component\Csp\Administrator\Helper\ReporterHelper; - -/** - * Reports view class for the Csp package. - * - * @since 4.0.0 - */ -class HtmlView extends BaseHtmlView -{ - /** - * An array of items - * - * @var array - * @since 4.0.0 - */ - protected $items; - - /** - * The pagination object - * - * @var \Joomla\CMS\Pagination\Pagination - * @since 4.0.0 - */ - protected $pagination; - - /** - * The model state - * - * @var \JObject - * @since 4.0.0 - */ - protected $state; - - /** - * Form object for search filters - * - * @var \JForm - * @since 4.0.0 - */ - public $filterForm; - - /** - * The active search filters - * - * @var array - * @since 4.0.0 - */ - public $activeFilters; - - /** - * The id of the httpheaders plugin in mysql - * - * @var integer - * @since 4.0.0 - */ - protected $httpHeadersId = 0; - - /** - * Is this view an Empty State - * - * @var boolean - * @since __DEPLOY_VERSION__ - */ - private $isEmptyState = false; - - /** - * Execute and display a template script. - * - * @param string $tpl The name of the template file to parse; automatically searches through the template paths. - * - * @return mixed A string if successful, otherwise an Error object. 
- * - * @since 4.0.0 - */ - public function display($tpl = null) - { - $this->items = $this->get('Items'); - $this->pagination = $this->get('Pagination'); - $this->state = $this->get('State'); - $this->activeFilters = $this->get('ActiveFilters'); - $this->filterForm = $this->get('FilterForm'); - - if (!count($this->items) && $this->isEmptyState = $this->get('IsEmptyState')) - { - $this->setLayout('emptystate'); - } - - // Check for errors. - if (count($errors = $this->get('Errors'))) - { - throw new GenericDataException(implode("\n", $errors), 500); - } - - if (!(PluginHelper::isEnabled('system', 'httpheaders'))) - { - $this->httpHeadersId = ReporterHelper::getHttpHeadersPluginId(); - } - - if (ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy_mode', 'detect') === 'detect' - && ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy', 0) - && ReporterHelper::getCspTrashStatus()) - { - $this->trashWarningMessage = Text::_('COM_CSP_COLLECTING_TRASH_WARNING'); - } - - if (ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy_mode', 'detect') === 'auto' - && ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy', 0) - && ReporterHelper::getCspUnsafeInlineStatus()) - { - $this->unsafeInlineWarningMessage = Text::_('COM_CSP_AUTO_UNSAFE_INLINE_WARNING'); - } - - if (ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy_mode', 'detect') === 'auto' - && ComponentHelper::getParams('com_csp')->get('contentsecuritypolicy', 0) - && ReporterHelper::getCspUnsafeEvalStatus()) - { - $this->unsafeEvalWarningMessage = Text::_('COM_CSP_AUTO_UNSAFE_EVAL_WARNING'); - } - - $this->addToolbar(); - - return parent::display($tpl); - } - - /** - * Add the page title and toolbar. 
- * - * @return void - * - * @since 4.0.0 - */ - protected function addToolbar() - { - $canDo = ContentHelper::getActions('com_csp'); - - ToolbarHelper::title(Text::_('COM_CSP_REPORTS'), 'shield-alt'); - - if (!$this->isEmptyState) - { - if ($canDo->get('core.edit.state')) - { - ToolbarHelper::publish('reports.publish', 'JTOOLBAR_ENABLE', true); - ToolbarHelper::unpublish('reports.unpublish', 'JTOOLBAR_DISABLE', true); - } - - if ($this->state->get('filter.published') == -2 && $canDo->get('core.delete')) - { - ToolbarHelper::deleteList('JGLOBAL_CONFIRM_DELETE', 'reports.delete', 'JTOOLBAR_EMPTY_TRASH'); - } - elseif ($canDo->get('core.edit.state')) - { - ToolbarHelper::trash('reports.trash'); - } - } - - if ($canDo->get('core.admin') || $canDo->get('core.options')) - { - ToolbarHelper::preferences('com_csp'); - } - - ToolbarHelper::help('JHELP_COMPONENTS_CSP_REPORTS'); - } -} diff --git a/administrator/components/com_csp/tmpl/reports/default.php b/administrator/components/com_csp/tmpl/reports/default.php deleted file mode 100644 index eb46660f8230e..0000000000000 --- a/administrator/components/com_csp/tmpl/reports/default.php +++ /dev/null @@ -1,149 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -defined('_JEXEC') or die; - -use Joomla\CMS\Factory; -use Joomla\CMS\HTML\HTMLHelper; -use Joomla\CMS\Language\Text; -use Joomla\CMS\Layout\LayoutHelper; -use Joomla\CMS\Router\Route; - -HTMLHelper::_('behavior.multiselect'); - -$user = Factory::getUser(); -$userId = $user->get('id'); -$listOrder = $this->escape($this->state->get('list.ordering')); -$listDirn = $this->escape($this->state->get('list.direction')); -$saveOrder = $listOrder == 'a.id'; - -?> -
-
-
-
- $this)); ?> - httpHeadersId) : ?> - httpHeadersId . '&tmpl=component&layout=modal'); ?> - httpHeadersId . 'Modal', - array( - 'url' => $link, - 'title' => Text::_('COM_CSP_EDIT_PLUGIN_SETTINGS'), - 'height' => '400px', - 'width' => '800px', - 'bodyHeight' => '70', - 'modalWidth' => '80', - 'closeButton' => false, - 'backdrop' => 'static', - 'keyboard' => false, - 'footer' => '' - . '' - . '' - ) - ); ?> - - trashWarningMessage)) : ?> - enqueueMessage($this->trashWarningMessage, 'warning'); ?> - - unsafeInlineWarningMessage)) : ?> - enqueueMessage($this->unsafeInlineWarningMessage, 'warning'); ?> - - unsafeEvalWarningMessage)) : ?> - enqueueMessage($this->unsafeEvalWarningMessage, 'warning'); ?> - - items)) : ?> -
- - -
- - - - - - - - - - - - - - - - - items as $i => $item) : ?> - authorise('core.edit.state', 'com_csp'); ?> - - - - - - - - - - - - -
- , - , - -
- - - - - - - - - - - - - - - -
- id); ?> - - published, $i, 'reports.', $canChange, 'cb'); ?> - - document_uri; ?> - - blocked_uri; ?> - - directive; ?> - - client)); ?> - - created > 0 ? HTMLHelper::_('date', $item->created, Text::_('DATE_FORMAT_LC4')) : '-'; ?> - - id; ?> -
- - - pagination->getListFooter(); ?> - - - - - -
-
-
-
diff --git a/administrator/components/com_csp/tmpl/reports/default.xml b/administrator/components/com_csp/tmpl/reports/default.xml deleted file mode 100644 index b9e433d38f42e..0000000000000 --- a/administrator/components/com_csp/tmpl/reports/default.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - diff --git a/administrator/components/com_csp/tmpl/reports/emptystate.php b/administrator/components/com_csp/tmpl/reports/emptystate.php deleted file mode 100644 index 2f2484fee9f7e..0000000000000 --- a/administrator/components/com_csp/tmpl/reports/emptystate.php +++ /dev/null @@ -1,20 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -defined('_JEXEC') or die; - -use Joomla\CMS\Layout\LayoutHelper; - -$displayData = [ - 'textPrefix' => 'COM_CSP', - 'helpURL' => 'https://docs.joomla.org/Special:MyLanguage/Help4.x:Content_Security_Policy_Reports', - 'icon' => 'icon-shield-alt', -]; - -echo LayoutHelper::render('joomla.content.emptystate', $displayData); diff --git a/administrator/components/com_menus/presets/alternate.xml b/administrator/components/com_menus/presets/alternate.xml index 1fb555fe9aee6..761677398d0c4 100644 --- a/administrator/components/com_menus/presets/alternate.xml +++ b/administrator/components/com_menus/presets/alternate.xml 
@@ -511,14 +511,6 @@ link="index.php?option=com_languages&view=overrides" /> - - - - -; License GNU General Public License version 2 or later; see LICENSE.txt -; Note : All ini files need to be saved as UTF-8 - -COM_CSP="Content Security Policy" -COM_CSP_AUTO_UNSAFE_EVAL_WARNING="You have configured a rule that still allows 'unsafe-eval' that bypasses the Content Security Policy and allows the execution of code injected into DOM APIs such as eval()." -COM_CSP_AUTO_UNSAFE_INLINE_WARNING="You have configured a rule that still allows 'unsafe-inline' that bypasses the Content Security Policy and allows the execution of unsafe in-page scripts and event handlers." -COM_CSP_COLLECTING_TRASH_WARNING="The Content Security Policy is in detect mode. Items that have been trashed will not be detected again until they are removed from the trash." -COM_CSP_CONFIGURATION="Content Security Policy: Options" -; Please do not translate the following language string -COM_CSP_CONTENTSECURITYPOLICY="Content Security Policy (CSP)" -COM_CSP_CONTENTSECURITYPOLICY_CLIENT="Client" -; Please do not translate the following language string -COM_CSP_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'" -COM_CSP_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'." -COM_CSP_CONTENTSECURITYPOLICY_MODE="Mode" -COM_CSP_CONTENTSECURITYPOLICY_MODE_AUTO="Automatic" -COM_CSP_CONTENTSECURITYPOLICY_MODE_CUSTOM="Custom" -COM_CSP_CONTENTSECURITYPOLICY_MODE_DETECT="Detect" -; Please only change the URL in the following language string -COM_CSP_CONTENTSECURITYPOLICY_NONCE_ENABLED="Nonce" -COM_CSP_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. 
Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support." -; Please do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only' in the following language string -COM_CSP_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'." -; Please do not translate the following two language strings -COM_CSP_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only" -COM_CSP_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dynamic" -; Please do not translate 'strict-dynamic', 'self' and 'unsafe-inline' in the following language string -COM_CSP_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowed or source expressions such as 'self' or 'unsafe-inline' will be ignored." -; Please only change the URL in the following language string -COM_CSP_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="Script hashes" -COM_CSP_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline scripts using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support." -; Please only change the URL in the following language string -COM_CSP_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="Style hashes" -COM_CSP_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline styles using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support." 
-COM_CSP_CONTENTSECURITYPOLICY_VALUES="Add Directive" -COM_CSP_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive" -COM_CSP_CONTENTSECURITYPOLICY_VALUES_VALUE="Value" -COM_CSP_EDIT_PLUGIN_SETTINGS="Edit Plugin Settings" -COM_CSP_EMPTYSTATE_CONTENT="The Content Security Policy (CSP) Reports list is used to review and manage collected CSP reports." -COM_CSP_EMPTYSTATE_TITLE="No CSP reports created yet." -COM_CSP_FILTER_DIRECTIVE="- Select Directive -" -COM_CSP_FILTER_SEARCH_DESC="Search in the table fields. Prefix with ID: to search by ID." -COM_CSP_FILTER_SEARCH_LABEL="Search Content Security Policy Reports" -COM_CSP_HEADER_CLIENT="Client" -COM_CSP_HEADER_CLIENT_BOTH="Both" -COM_CSP_HEADING_BLOCKED_URI="Blocked Element" -COM_CSP_HEADING_BLOCKED_URI_ASC="Blocked Element ascending" -COM_CSP_HEADING_BLOCKED_URI_DESC="Blocked Element descending" -COM_CSP_HEADING_CLIENT_ASC="Location ascending" -COM_CSP_HEADING_CLIENT_DESC="Location descending" -COM_CSP_HEADING_CREATED="Created" -COM_CSP_HEADING_CREATED_ASC="Created ascending" -COM_CSP_HEADING_CREATED_DESC="Created descending" -COM_CSP_HEADING_DIRECTIVE="Directive" -COM_CSP_HEADING_DIRECTIVE_ASC="Directive ascending" -COM_CSP_HEADING_DIRECTIVE_DESC="Directive descending" -COM_CSP_HEADING_DOCUMENT_URI="URL" -COM_CSP_HEADING_DOCUMENT_URI_ASC="URL ascending" -COM_CSP_HEADING_DOCUMENT_URI_DESC="URL descending" -COM_CSP_N_ITEMS_DELETED="%d reports deleted." -COM_CSP_N_ITEMS_DELETED_1="Report deleted." -COM_CSP_N_ITEMS_PUBLISHED="%d reports published." -COM_CSP_N_ITEMS_PUBLISHED_1="Report published." -COM_CSP_N_ITEMS_TRASHED="%d reports trashed." -COM_CSP_N_ITEMS_TRASHED_1="Report trashed." -COM_CSP_N_ITEMS_UNPUBLISHED="%d reports unpublished." -COM_CSP_N_ITEMS_UNPUBLISHED_1="Report unpublished." -COM_CSP_PLUGIN_MODAL_DISABLED="The %s is disabled. It needs to be enabled for this component to work." 
-COM_CSP_REPORTS="Content Security Policy Reports" -COM_CSP_SYSTEM_PLUGIN="HTTP Headers System Plugin" -COM_CSP_TABLE_CAPTION="Table of Content Security Policy Reports" -JLIB_HTML_PUBLISH_ITEM="Enable" -JLIB_HTML_UNPUBLISH_ITEM="Disable" diff --git a/administrator/language/en-GB/com_csp.sys.ini b/administrator/language/en-GB/com_csp.sys.ini deleted file mode 100644 index 67625ea611fe6..0000000000000 --- a/administrator/language/en-GB/com_csp.sys.ini +++ /dev/null @@ -1,9 +0,0 @@ -; Joomla! Project -; (C) 2018 Open Source Matters, Inc. -; License GNU General Public License version 2 or later; see LICENSE.txt -; Note : All ini files need to be saved as UTF-8 - -COM_CSP="Content Security Policy" -COM_CSP_REPORTS_VIEW_DEFAULT_DESC="Shows a list of all CSP reports." -COM_CSP_REPORTS_VIEW_DEFAULT_TITLE="List All Content Security Policy (CSP) Reports " -COM_CSP_XML_DESCRIPTION="This component manages the Content Security Policy (CSP) reports." diff --git a/administrator/language/en-GB/joomla.ini b/administrator/language/en-GB/joomla.ini index 52a4a3fb6250e..3bfcd9dcb216d 100644 --- a/administrator/language/en-GB/joomla.ini +++ b/administrator/language/en-GB/joomla.ini @@ -711,7 +711,6 @@ JHELP_COMPONENTS_COM_CACHE_OPTIONS="Cache:_Options" JHELP_COMPONENTS_COM_CHECKIN_OPTIONS="Check-in:_Options" JHELP_COMPONENTS_COM_CONTACT_OPTIONS="Contacts:_Options" JHELP_COMPONENTS_COM_CONTENT_OPTIONS="Articles:_Options" -JHELP_COMPONENTS_COM_CSP_OPTIONS="Content_Security_Policy:_Options" JHELP_COMPONENTS_COM_FINDER_OPTIONS="Smart_Search:_Options" JHELP_COMPONENTS_COM_INSTALLER_OPTIONS="Installer:_Options" JHELP_COMPONENTS_COM_JOOMLAUPDATE_OPTIONS="Joomla_Update:_Options" diff --git a/administrator/language/en-GB/mod_menu.ini b/administrator/language/en-GB/mod_menu.ini index 279ef70885878..b13e0265005b5 100644 --- a/administrator/language/en-GB/mod_menu.ini +++ b/administrator/language/en-GB/mod_menu.ini 
@@ -105,7 +105,6 @@ MOD_MENU_INSTALLER_SUBMENU_WARNINGS="Warnings" MOD_MENU_LOGOUT="Logout" MOD_MENU_MAINTAIN="Maintenance" MOD_MENU_MANAGE="Manage" -MOD_MENU_MANAGE_CSP="Content Security Policy" MOD_MENU_MANAGE_EXTENSIONS="Extensions" MOD_MENU_MANAGE_LANGUAGES="Languages" MOD_MENU_MANAGE_LANGUAGES_CONTENT="Content Languages" diff --git a/administrator/language/en-GB/plg_system_httpheaders.ini b/administrator/language/en-GB/plg_system_httpheaders.ini index 3c0c1170ef7f8..dd306e0860982 100644 --- a/administrator/language/en-GB/plg_system_httpheaders.ini +++ b/administrator/language/en-GB/plg_system_httpheaders.ini 
@@ -10,6 +10,31 @@ PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Force HTTP Headers" PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header" PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value" ; Please do not translate the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="Content Security Policy (CSP)" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_CLIENT="Client" +; Please do not translate the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'." +; Please only change the URL in the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="Nonce" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support." +; Please do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only' in the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'." 
+; Please do not translate the following two language strings +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dynamic" +; Please do not translate 'strict-dynamic', 'self' and 'unsafe-inline' in the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowed or source expressions such as 'self' or 'unsafe-inline' will be ignored." +; Please only change the URL in the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="Script hashes" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline scripts using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support." +; Please only change the URL in the following language string +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="Style hashes" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash based whitelist inline styles using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without hash support." 
+PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES="Add Directive" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive" +PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value" +; Please do not translate the following language string PLG_SYSTEM_HTTPHEADERS_COOP="Cross-Origin-Opener-Policy" PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client" PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both" @@ -35,3 +60,4 @@ PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="X-Frame-Options" ; Please do not translate 'HTTP Security Headers' in the following language string PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers" + diff --git a/api/language/en-GB/joomla.ini b/api/language/en-GB/joomla.ini index f7ab89ba9d3d7..be7a1f715752d 100644 --- a/api/language/en-GB/joomla.ini +++ b/api/language/en-GB/joomla.ini @@ -706,7 +706,6 @@ JHELP_COMPONENTS_COM_CACHE_OPTIONS="Cache:_Options" JHELP_COMPONENTS_COM_CHECKIN_OPTIONS="Check-in:_Options" JHELP_COMPONENTS_COM_CONTACT_OPTIONS="Contacts:_Options" JHELP_COMPONENTS_COM_CONTENT_OPTIONS="Articles:_Options" -JHELP_COMPONENTS_COM_CSP_OPTIONS="Content_Security_Policy:_Options" JHELP_COMPONENTS_COM_FINDER_OPTIONS="Smart_Search:_Options" JHELP_COMPONENTS_COM_INSTALLER_OPTIONS="Installer:_Options" JHELP_COMPONENTS_COM_JOOMLAUPDATE_OPTIONS="Joomla_Update:_Options" diff --git a/components/com_csp/src/Controller/ReportController.php b/components/com_csp/src/Controller/ReportController.php deleted file mode 100644 index a2b4f21dac867..0000000000000 --- a/components/com_csp/src/Controller/ReportController.php +++ /dev/null 
@@ -1,253 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\Component\Csp\Site\Controller; - -\defined('_JEXEC') or die; - -use Joomla\CMS\Factory; -use Joomla\CMS\MVC\Controller\BaseController; -use Joomla\Utilities\ArrayHelper; - -/** - * Csp Controller - * - * @since 4.0.0 - */ -class ReportController extends BaseController -{ - /** - * The list of valid directives based on: https://www.w3.org/TR/CSP3/#csp-directives - * - * @var array - * @since 4.0.0 - */ - private $validDirectives = [ - 'child-src', - 'connect-src', - 'default-src', - 'font-src', - 'frame-src', - 'img-src', - 'manifest-src', - 'media-src', - 'prefetch-src', - 'object-src', - 'script-src', - 'script-src-elem', - 'script-src-attr', - 'style-src', - 'style-src-elem', - 'style-src-attr', - 'worker-src', - 'base-uri', - 'plugin-types', - 'sandbox', - 'form-action', - 'frame-ancestors', - 'navigate-to', - 'report-uri', - 'report-to', - 'block-all-mixed-content', - 'upgrade-insecure-requests', - 'require-sri-for', - ]; - - /** - * Log the CSP request - * - * @return void - * - * @since 4.0.0 - */ - public function log() - { - // Make sure we we are in detect mode and csp is active - if (Factory::getApplication()->getParams()->get('contentsecuritypolicy_mode', 'custom') !== 'detect' - && Factory::getApplication()->getParams()->get('contentsecuritypolicy', '0') === '1') - { - $this->app->close(); - } - - $data = $this->input->json->get('csp-report', [], 'Array'); - - // No data has been passed - if (empty($data)) - { - $this->app->close(); - } - - $report = new \stdClass; - - // Make sure the client reported is enabled to get reports. - $report->client = $this->app->getInput()->get('client', false); - - // Make sure the client is passed and has an valid value - if ($report->client === false || !in_array($report->client, ['site', 'administrator'])) - { - $this->app->close(); - } - - // Make sure the client reported is enabled to get reports. 
- $configuredCspClient = Factory::getApplication()->getParams()->get('contentsecuritypolicy_client', 'site'); - - if ($report->client !== $configuredCspClient && $configuredCspClient !== 'both') - { - $this->app->close(); - } - - // Check the document-uri field - $documentUri = (string) ArrayHelper::getValue($data, 'document-uri'); - - // Make sure the document-uri is a valid url - if (filter_var($documentUri, FILTER_VALIDATE_URL) === false) - { - $this->app->close(); - } - - $parsedDocumentUri = parse_url($documentUri); - $report->document_uri = $parsedDocumentUri['scheme'] . '://' . $parsedDocumentUri['host']; - - // Check the blocked-uri field - $blockedUri = (string) ArrayHelper::getValue($data, 'blocked-uri'); - $report->blocked_uri = false; - - // Check for "eval" or "inline" lets make sure they get reported in the correct way - if (in_array($blockedUri, ['eval', 'inline'])) - { - $report->blocked_uri = "'unsafe-" . $blockedUri . "'"; - } - - // Handle data reports correctly - if ($blockedUri === 'data') - { - $report->blocked_uri = 'data:'; - } - - // The blocked-uri is not a special keyword but an valid URL. - if ($report->blocked_uri === false && filter_var($blockedUri, FILTER_VALIDATE_URL) !== false) - { - $parsedBlockedUri = parse_url($blockedUri); - $report->blocked_uri = $parsedBlockedUri['scheme'] . '://' . $parsedBlockedUri['host']; - } - - // The blocked-uri is not a valid URL an not an special keyword - if ($report->blocked_uri === false) - { - $this->app->close(); - } - - // Check the violated-directive && effective-directive fields - $report->directive = $this->cleanReportDirective((string) ArrayHelper::getValue($data, 'violated-directive', '')); - $effectiveDirective = $this->cleanReportDirective((string) ArrayHelper::getValue($data, 'effective-directive', '')); - - // Fallback to the effective-directive when the violated-directive is not set. 
- if ($report->directive === false && $effectiveDirective !== false) - { - $report->directive = $effectiveDirective; - } - - // We have an unknown or invalid directive - if ($report->directive === false) - { - $this->app->close(); - } - - $now = Factory::getDate()->toSql(); - - $report->created = $now; - $report->modified = $now; - - $db = Factory::getDbo(); - - $db->lockTable('#__csp'); - - if ($this->isEntryExisting($report)) - { - $db->unlockTables(); - - $this->app->close(); - } - - $table = $this->app->bootComponent('com_csp')->getMVCFactory()->createTable('Report', 'Administrator'); - - $table->bind($report); - $table->store(); - - $db->unlockTables(); - - $this->app->close(); - } - - /** - * Check if we already logged this entry - * - * @param object $report The generated report row - * - * @return boolean - * - * @since 4.0.0 - */ - private function isEntryExisting($report) - { - $db = Factory::getDbo(); - - $query = $db->getQuery(true); - - $query - ->select('COUNT(*)') - ->from($db->quoteName('#__csp')) - ->where($db->quoteName('blocked_uri') . ' = :blocked_uri') - ->where($db->quoteName('directive') . ' = :directive') - ->where($db->quoteName('client') . ' = :client') - ->bind(':blocked_uri', $report->blocked_uri) - ->bind(':directive', $report->directive) - ->bind(':client', $report->client); - - $db->setQuery($query); - - try - { - $result = (int) $db->loadResult(); - } - catch (\RuntimeException $e) - { - return false; - } - - return $result > 0; - } - - /** - * Clean the directive where browsers do append more stuff than we don't need - * - * @param object $reportedDirective The directive from the browsers. - * - * @return mixed - * - * @since 4.0.0 - */ - private function cleanReportDirective($reportedDirective) - { - // Explode the reported directive (e.g. "default-src 'self'") by space. 
- $explodeDirective = explode(' ', $reportedDirective); - - // Note: Directive names are case-insensitive, that is: script-SRC 'none' and ScRiPt-sRc 'none' are equivalent. - $cleandedDirective = strtolower($explodeDirective[0]); - - // Make sure this is a valid directive. - if (!in_array($cleandedDirective, $this->validDirectives)) - { - return false; - } - - // Return the validated directive - return $cleandedDirective; - } -} diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index ed53b2554ab92..c23dd79afc8ea 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -88,7 +88,6 @@ INSERT INTO `#__assets` (`id`, `parent_id`, `lft`, `rgt`, `level`, `name`, `titl (66, 1, 131, 132, 1, 'com_actionlogs', 'com_actionlogs', '{}'), (67, 18, 74, 75, 2, 'com_modules.module.88', 'Latest Actions', '{}'), (68, 18, 76, 77, 2, 'com_modules.module.89', 'Privacy Dashboard', '{}'), -(69, 1, 153, 154, 1, 'com_csp', 'com_csp', '{}'), (70, 18, 90, 91, 2, 'com_modules.module.103', 'Site', '{}'), (71, 18, 92, 93, 2, 'com_modules.module.104', 'System', '{}'), (72, 18, 94, 95, 2, 'com_modules.module.91', 'System Dashboard', '{}'), @@ -175,7 +174,6 @@ INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`, (0, 'com_privacy', 'component', 'com_privacy', '', 1, 1, 1, 0, 1, '', '', ''), (0, 'com_actionlogs', 'component', 'com_actionlogs', '', 1, 1, 1, 0, 1, '', '{"ip_logging":0,"csv_delimiter":",","loggable_extensions":["com_banners","com_cache","com_categories","com_checkin","com_config","com_contact","com_content","com_installer","com_media","com_menus","com_messages","com_modules","com_newsfeeds","com_plugins","com_redirect","com_tags","com_templates","com_users"]}', ''), (0, 'com_workflow', 'component', 'com_workflow', '', 1, 1, 0, 1, 1, '', '{}', ''), -(0, 'com_csp', 'component', 'com_csp', '', 1, 1, 1, 0, 1, '', '', ''), (0, 'com_mails', 'component', 'com_mails', '', 1, 1, 1, 1, 1, '', '', ''); -- Libraries 
diff --git a/installation/sql/postgresql/base.sql b/installation/sql/postgresql/base.sql index 4744600d420a6..427f897540cf0 100644 --- a/installation/sql/postgresql/base.sql +++ b/installation/sql/postgresql/base.sql @@ -94,7 +94,6 @@ INSERT INTO "#__assets" ("id", "parent_id", "lft", "rgt", "level", "name", "titl (66, 1, 131, 132, 1, 'com_actionlogs', 'com_actionlogs', '{}'), (67, 18, 74, 75, 2, 'com_modules.module.88', 'Latest Actions', '{}'), (68, 18, 76, 77, 2, 'com_modules.module.89', 'Privacy Dashboard', '{}'), -(69, 1, 153, 154, 1, 'com_csp', 'com_csp', '{}'), (70, 18, 90, 91, 2, 'com_modules.module.103', 'Site', '{}'), (71, 18, 92, 93, 2, 'com_modules.module.104', 'System', '{}'), (72, 18, 94, 95, 2, 'com_modules.module.91', 'System Dashboard', '{}'), @@ -181,7 +180,6 @@ INSERT INTO "#__extensions" ("package_id", "name", "type", "element", "folder", (0, 'com_privacy', 'component', 'com_privacy', '', 1, 1, 1, 0, 1, '', '', '', 0, 0), (0, 'com_actionlogs', 'component', 'com_actionlogs', '', 1, 1, 1, 0, 1, '', '{"ip_logging":0,"csv_delimiter":",","loggable_extensions":["com_banners","com_cache","com_categories","com_checkin","com_config","com_contact","com_content","com_installer","com_media","com_menus","com_messages","com_modules","com_newsfeeds","com_plugins","com_redirect","com_tags","com_templates","com_users"]}', '', 0, 0), (0, 'com_workflow', 'component', 'com_workflow', '', 1, 1, 0, 1, 1, '', '{}', '', 0, 0), -(0, 'com_csp', 'component', 'com_csp', '', 1, 1, 1, 0, 1, '', '', '', 0, 0), (0, 'com_mails', 'component', 'com_mails', '', 1, 1, 1, 1, 1, '', '', '', 0, 0); -- Libraries diff --git a/libraries/src/Extension/ExtensionHelper.php b/libraries/src/Extension/ExtensionHelper.php index 535dfbf029d95..a13bcf45985ac 100644 --- a/libraries/src/Extension/ExtensionHelper.php +++ b/libraries/src/Extension/ExtensionHelper.php 
@@ -63,7 +63,6 @@ class ExtensionHelper
 array('component', 'com_content', '', 1),
 array('component', 'com_contenthistory', '', 1),
 array('component', 'com_cpanel', '', 1),
- array('component', 'com_csp', '', 1),
 array('component', 'com_fields', '', 1),
 array('component', 'com_finder', '', 1),
 array('component', 'com_installer', '', 1),
diff --git a/plugins/system/httpheaders/httpheaders.php b/plugins/system/httpheaders/httpheaders.php
index d98cea6900b48..57453c75c63c7 100644
--- a/plugins/system/httpheaders/httpheaders.php
+++ b/plugins/system/httpheaders/httpheaders.php
@@ -10,8 +10,6 @@
 defined('_JEXEC') or die;
 
 use Joomla\CMS\Application\CMSApplication;
-use Joomla\CMS\Component\ComponentHelper;
-use Joomla\CMS\Language\Text;
 use Joomla\CMS\Plugin\CMSPlugin;
 use Joomla\CMS\Uri\Uri;
 use Joomla\Database\DatabaseDriver;
@@ -24,14 +22,6 @@
 */
 class PlgSystemHttpHeaders extends CMSPlugin implements SubscriberInterface
 {
- /**
- * If true, language files will be loaded automatically.
- *
- * @var boolean
- * @since 4.0.0
- */
- protected $autoloadLanguage = true;
-
 /**
 * Application object.
 *
@@ -56,14 +46,6 @@ class PlgSystemHttpHeaders extends CMSPlugin implements SubscriberInterface
 */
 private $cspNonce;
 
- /**
- * The params of the com_csp component
- *
- * @var \Joomla\Registry\Registry
- * @since 4.0.0
- */
- private $comCspParams;
-
 /**
 * The list of the supported HTTP headers
 *
@@ -154,9 +136,6 @@ public function __construct(&$subject, $config)
 {
 parent::__construct($subject, $config);
 
- // Get the com_csp params that include the content-security-policy configuration
- $this->comCspParams = ComponentHelper::getParams('com_csp');
-
 // Nonce generation
 $this->cspNonce = base64_encode(bin2hex(random_bytes(64)));
 $this->app->set('csp_nonce', $this->cspNonce);
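Review bot: The import hunk drops ComponentHelper and Text but keeps `use Joomla\CMS\Uri\Uri;`, whose only use visible in this diff is `Uri::root()` inside the detect-mode branch of setCspHeader that this same commit deletes. If no other reference to Uri remains in the file, the import should be removed for the same reason the other two were; if setStaticHeaders or another method outside the diff still uses it, it can stay. The other hunks on this line (the removal of `$autoloadLanguage` and `$comCspParams`) are consistent with the deleted code, since the only runtime `Text::_()` call lived in the removed compileAutomaticCspHeaderRules.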
@@ -192,8 +171,8 @@ public function applyHashesToCspRule(): void
 return;
 }
 
- $scriptHashesEnabled = (int) $this->comCspParams->get('script_hashes_enabled', 0);
- $styleHashesEnabled = (int) $this->comCspParams->get('style_hashes_enabled', 0);
+ $scriptHashesEnabled = (int) $this->params->get('script_hashes_enabled', 0);
+ $styleHashesEnabled = (int) $this->params->get('style_hashes_enabled', 0);
 
 // Early exit when both options are disabled
 if (!$scriptHashesEnabled && !$styleHashesEnabled)
@@ -279,8 +258,8 @@ public function setHttpHeaders(): void
 $this->setStaticHeaders();
 
 // Handle CSP Header configuration
- $cspEnabled = (int) $this->comCspParams->get('contentsecuritypolicy', 0);
- $cspClient = (string) $this->comCspParams->get('contentsecuritypolicy_client', 'site');
+ $cspEnabled = (int) $this->params->get('contentsecuritypolicy', 0);
+ $cspClient = (string) $this->params->get('contentsecuritypolicy_client', 'site');
 
 // Check whether CSP is enabled and enabled by the current client
 if ($cspEnabled && ($this->app->isClient($cspClient) || $cspClient === 'both'))
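Review bot: In the setHttpHeaders hunk, `$cspEnabled = (int) $this->params->get('contentsecuritypolicy', 0);` now reads the plugin's own params with a default of 0, so a site that had CSP switched on in com_csp stops sending any CSP header after this update unless its com_csp parameters are copied into the httpheaders plugin row; no such migration is visible in this diff (the script.php hunk only removes the com_csp files). Because the parameter keys are unchanged, an update step that merges the com_csp `params` JSON into the plugin's existing params would carry the policy over; otherwise the release notes should state that CSP has to be re-enabled in the plugin. The same silent fall-back to "off" applies to `contentsecuritypolicy_client` on the next line and to the `script_hashes_enabled`/`style_hashes_enabled` reads in the applyHashesToCspRule hunk above.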
@@ -298,46 +277,16 @@ public function setHttpHeaders(): void
 */
 private function setCspHeader(): void
 {
- // Mode Selector
- $cspMode = $this->comCspParams->get('contentsecuritypolicy_mode', 'detect');
-
- // In detecting mode we set this default rule so any report gets collected by com_csp
- if ($cspMode === 'detect')
- {
- $this->app->setHeader(
- 'content-security-policy-report-only',
- "default-src 'self'; report-uri " . Uri::root() . "index.php?option=com_csp&task=report.log&client=" . $this->app->getName()
- );
-
- return;
- }
-
- $cspReadOnly = (int) $this->comCspParams->get('contentsecuritypolicy_report_only', 1);
+ $cspReadOnly = (int) $this->params->get('contentsecuritypolicy_report_only', 1);
 $cspHeader = $cspReadOnly === 0 ? 'content-security-policy' : 'content-security-policy-report-only';
 
- // In automatic mode we compile the automatic header values and append it to the header
- if ($cspMode === 'auto')
- {
- $automaticRules = trim(
- implode(
- '; ',
- $this->compileAutomaticCspHeaderRules()
- )
- );
-
- // Set the header
- $this->app->setHeader($cspHeader, $automaticRules);
-
- return;
- }
-
 // In custom mode we compile the header from the values configured
- $cspValues = $this->comCspParams->get('contentsecuritypolicy_values', []);
- $nonceEnabled = (int) $this->comCspParams->get('nonce_enabled', 0);
- $scriptHashesEnabled = (int) $this->comCspParams->get('script_hashes_enabled', 0);
- $strictDynamicEnabled = (int) $this->comCspParams->get('strict_dynamic_enabled', 0);
- $styleHashesEnabled = (int) $this->comCspParams->get('style_hashes_enabled', 0);
- $frameAncestorsSelfEnabled = (int) $this->comCspParams->get('frame_ancestors_self_enabled', 1);
+ $cspValues = $this->params->get('contentsecuritypolicy_values', []);
+ $nonceEnabled = (int) $this->params->get('nonce_enabled', 0);
+ $scriptHashesEnabled = (int) $this->params->get('script_hashes_enabled', 0);
+ $strictDynamicEnabled = (int) $this->params->get('strict_dynamic_enabled', 0);
+ $styleHashesEnabled = (int) $this->params->get('style_hashes_enabled', 0);
+ $frameAncestorsSelfEnabled = (int) $this->params->get('frame_ancestors_self_enabled', 1);
 $frameAncestorsSet = false;
 
 foreach ($cspValues as $cspValue)
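Review bot: The surviving context comment `// In custom mode we compile the header from the values configured` is now misleading, because this hunk removes the mode selector together with the detect and auto branches, leaving this as the only path; change it to `// Compile the header from the configured directives`. Since `contentsecuritypolicy_mode` is no longer read at all, a configuration that still stores `detect` or `auto` (should its parameters be migrated from com_csp) silently gets a header built from `contentsecuritypolicy_values` instead of the previous report-only `default-src 'self'` policy, which is worth a sentence in the parameter description or the update notes. Keeping `contentsecuritypolicy_report_only` at a default of 1 is the right choice, as an unconfigured plugin stays in report-only mode. setCspHeader continues past the end of the hunk.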
@@ -408,141 +357,6 @@ private function setCspHeader(): void $this->app->setHeader($cspHeader, trim(implode('; ', $newCspValues))); } - /** - * Compile the automatic csp header rules based on com_csp / #__csp - * - * @return array An array containing the csp rules found in com_csp - * - * @since 4.0.0 - */ - private function compileAutomaticCspHeaderRules(): array - { - // Get the published infos from the database - $query = $this->db->getQuery(true) - ->select($this->db->quoteName(['client', 'directive', 'blocked_uri'])) - ->from($this->db->quoteName('#__csp')) - ->where($this->db->quoteName('published') . ' = 1'); - - $this->db->setQuery($query); - - try - { - $rows = (array) $this->db->loadObjectList(); - } - catch (\RuntimeException $e) - { - $this->app->enqueueMessage(Text::_('JERROR_AN_ERROR_HAS_OCCURRED'), 'error'); - - return []; - } - - $automaticCspHeader = []; - $cspHeaderCollection = []; - $nonceEnabled = (int) $this->comCspParams->get('nonce_enabled', 0); - $scriptHashesEnabled = (int) $this->comCspParams->get('script_hashes_enabled', 0); - $strictDynamicEnabled = (int) $this->comCspParams->get('strict_dynamic_enabled', 0); - $styleHashesEnabled = (int) $this->comCspParams->get('style_hashes_enabled', 0); - $frameAncestorsSelfEnabled = (int) $this->comCspParams->get('frame_ancestors_self_enabled', 1); - - foreach ($rows as $row) - { - // Handle the client information for each rule - if (!$this->app->isClient($row->client)) - { - continue; - } - - // Make sure the directive exists as a key - if (!isset($cspHeaderCollection[$row->directive])) - { - $cspHeaderCollection = array_merge($cspHeaderCollection, array_fill_keys([$row->directive], '')); - } - - // Eval or inline lets us make sure they still work by adding ' before and after - if (in_array($row->blocked_uri, ['unsafe-eval', 'unsafe-inline'])) - { - $row->blocked_uri = "'$row->blocked_uri'"; - } - - // Allow the blocked_uri for the given directive - $cspHeaderCollection[$row->directive] .= ' ' . 
$row->blocked_uri; - } - - // Add the frame-ancestors when not done already - if (!isset($cspHeaderCollection['frame-ancestors']) && $frameAncestorsSelfEnabled) - { - $cspHeaderCollection = array_merge($cspHeaderCollection, array_fill_keys(['frame-ancestors'], '')); - } - - // We should have a default-src, script-src and style-src rule - if (!empty($cspHeaderCollection)) - { - if (!isset($cspHeaderCollection['default-src'])) - { - $cspHeaderCollection = array_merge($cspHeaderCollection, array_fill_keys(['default-src'], '')); - } - - if (!isset($cspHeaderCollection['script-src']) && ($scriptHashesEnabled || $nonceEnabled)) - { - $cspHeaderCollection = array_merge($cspHeaderCollection, array_fill_keys(['script-src'], '')); - } - - if (!isset($cspHeaderCollection['style-src']) && ($scriptHashesEnabled || $nonceEnabled)) - { - $cspHeaderCollection = array_merge($cspHeaderCollection, array_fill_keys(['style-src'], '')); - } - } - - foreach ($cspHeaderCollection as $cspHeaderkey => $cspHeaderValue) - { - // Handle non value directives - if (in_array($cspHeaderkey, $this->noValueDirectives)) - { - $automaticCspHeader[] = $cspHeaderkey; - - continue; - } - - // Make sure this is a valid directive - if (!in_array($cspHeaderkey, $this->validDirectives)) - { - continue; - } - - // Append the random $nonce for the script and style tags if enabled - if (in_array($cspHeaderkey, $this->nonceDirectives) && $nonceEnabled) - { - // Append nonce - $cspHeaderValue = "'nonce-" . $this->cspNonce . "'" . $cspHeaderValue; - } - - // Append the script hashes placeholder - if ($scriptHashesEnabled && strpos($cspHeaderkey, 'script-src') === 0) - { - $cspHeaderValue = '{script-hashes} ' . $cspHeaderValue; - } - - // Append the style hashes placeholder - if ($styleHashesEnabled && strpos($cspHeaderkey, 'style-src') === 0) - { - $cspHeaderValue = '{style-hashes} ' . 
$cspHeaderValue; - } - - // Add strict-dynamic to the script-src directive when enabled - if ($strictDynamicEnabled - && $cspHeaderkey === 'script-src' - && strpos($cspHeaderValue, 'strict-dynamic') === false) - { - $cspHeaderValue .= " 'strict-dynamic' "; - } - - // By default we should allow 'self' on any directive - $automaticCspHeader[] = $cspHeaderkey . " 'self' " . trim($cspHeaderValue); - } - - return $automaticCspHeader; - } - /** * Get the configured static headers. * diff --git a/plugins/system/httpheaders/httpheaders.xml b/plugins/system/httpheaders/httpheaders.xml index e94d4aa176990..45ce6830d308b 100644 --- a/plugins/system/httpheaders/httpheaders.xml +++ b/plugins/system/httpheaders/httpheaders.xml @@ -57,7 +57,6 @@ - JENABLED +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+