
function csp_requirements in Content-Security-Policy 8

Implements hook_requirements().

File

./csp.install, line 11
Installation hooks for csp.module.

Code

/**
 * Implements hook_requirements().
 *
 * Reports three configuration weaknesses during the 'runtime' phase:
 * - csp_ie9: inline styles have to be allowed because CSS aggregation is off.
 * - csp_enabled: neither the report-only nor the enforce policy is enabled.
 * - csp_seckit: Security Kit is configured to handle CSP as well.
 *
 * @param string $phase
 *   The requirements phase being checked. Only 'runtime' produces entries.
 *
 * @return array
 *   Requirement entries keyed by identifier; empty when nothing applies.
 */
function csp_requirements($phase) {
  // Every check below reads live configuration, so other phases report
  // nothing.
  if ($phase !== 'runtime') {
    return [];
  }

  $report = [];
  $modules = \Drupal::moduleHandler();

  // With CSS aggregation off, either core before 8.7 or the ie9 module means
  // inline styles must be allowed. 'unsafe-inline' for styles weakens the
  // policy, so the administrator is told how to avoid it.
  $inlineCssTrigger = version_compare(\Drupal::VERSION, '8.7', '<') || $modules->moduleExists('ie9');
  if ($inlineCssTrigger && !\Drupal::config('system.performance')->get('css.preprocess')) {
    // ':'-prefixed placeholders are the t() form intended for URLs placed in
    // href attributes.
    $links = [
      ':system-performance' => \Drupal::urlGenerator()
        ->generateFromRoute('system.performance_settings'),
      ':change-record-url' => 'https://www.drupal.org/node/2993171',
    ];
    if ($modules->moduleExists('ie9')) {
      $explanation = t('Support for IE9 requires allowing inline styles when CSS aggregation is disabled.  <br><a href=":system-performance">Enable CSS aggregation</a> to prevent allowing inline CSS.', $links);
    }
    else {
      $explanation = t('Legacy support for IE9 requires allowing inline styles when CSS aggregation is disabled.  <br><a href=":system-performance">Enable CSS aggregation</a>, or <a href=":change-record-url">upgrade to Drupal 8.7</a> to prevent allowing inline CSS.', $links);
    }
    $report['csp_ie9'] = [
      'title' => 'Content Security Policy IE9',
      'value' => "'unsafe-inline'",
      'description' => $explanation,
      'severity' => REQUIREMENT_WARNING,
    ];
  }

  // Collect the policy types whose 'enable' flag is set. An installed module
  // with neither type enabled has no enabled Content Security Policy header.
  $settings = \Drupal::config('csp.settings');
  $activeTypes = [];
  foreach (['report-only', 'enforce'] as $policyType) {
    if ($settings->get($policyType . '.enable')) {
      $activeTypes[] = $policyType;
    }
  }
  if (count($activeTypes) === 0) {
    $settingsUrl = \Drupal::urlGenerator()
      ->generateFromRoute('csp.settings');
    $report['csp_enabled'] = [
      'title' => 'Content Security Policy',
      'value' => t('No Content Security Policy headers are currently enabled.'),
      'description' => t('Enable a header via <a href=":csp-settings">the Content Security Policy settings</a>.', [
        ':csp-settings' => $settingsUrl,
      ]),
      'severity' => REQUIREMENT_WARNING,
    ];
  }

  // Warn if CSP is also enabled in Security Kit module configuration: a
  // browser checks a response against every policy it receives, so a second
  // policy can block what this module's policy allows.
  $seckitHandlesCsp = $modules->moduleExists('seckit')
    && \Drupal::config('seckit.settings')->get('seckit_xss.csp.checkbox');
  if ($seckitHandlesCsp) {
    $seckitUrl = \Drupal::urlGenerator()
      ->generateFromRoute('seckit.settings');
    $report['csp_seckit'] = [
      'title' => 'Content Security Policy - Security Kit',
      'value' => t('Enabling Content Security Policy in Security Kit is likely to cause policy conflicts.'),
      'description' => t('Disable the Content Security Policy settings in <a href=":seckit-settings">Security Kit configuration</a>.', [
        ':seckit-settings' => $seckitUrl,
      ]),
      'severity' => REQUIREMENT_WARNING,
    ];
  }

  return $report;
}