
public function CspSettingsForm::submitForm in Content-Security-Policy 8

Form submission handler.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Overrides ConfigFormBase::submitForm

File

src/Form/CspSettingsForm.php, line 657

Class

CspSettingsForm
Form for editing Content Security Policy module settings.

Namespace

Drupal\csp\Form

Code

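/**
 * Form submission handler.
 *
 * Rebuilds the 'report-only' and 'enforce' policies in the 'csp.settings'
 * config from the submitted form values and saves the config. Each policy key
 * is cleared first, so only directives that are enabled in the submitted form
 * are written back; a directive that was unchecked is dropped from the
 * stored policy.
 *
 * NOTE(review): source and media-type values are only split into lists here,
 * not checked. This handler presumably relies on the form's validation step
 * (not visible in this listing) to reject malformed values before they are
 * saved — confirm.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 */
public function submitForm(array &$form, FormStateInterface $form_state) {
  $config = $this->config('csp.settings');
  $directiveNames = $this->getConfigurableDirectives();

  // Splits a whitespace (optionally comma) separated value into a list.
  // array_values() reindexes after array_filter(), so a leading or trailing
  // separator cannot leave a gap in the keys and turn the saved list into a
  // keyed map. A preg_split() failure yields an empty list.
  $splitList = static function ($value) {
    $parts = preg_split('/,?\\s+/', $value);
    return $parts === FALSE ? [] : array_values(array_filter($parts));
  };

  foreach (['report-only', 'enforce'] as $policyTypeKey) {
    // Start from an empty policy so stale directives are not retained.
    $config->clear($policyTypeKey);

    $policyFormData = $form_state->getValue($policyTypeKey);
    $config->set($policyTypeKey . '.enable', !empty($policyFormData['enable']));

    foreach ($directiveNames as $directiveName) {
      if (empty($policyFormData['directives'][$directiveName])) {
        continue;
      }
      $directiveFormData = $policyFormData['directives'][$directiveName];
      if (empty($directiveFormData['enable'])) {
        continue;
      }

      $directiveOptions = [];
      $directiveSchema = Csp::getDirectiveSchema($directiveName);

      if ($directiveSchema === Csp::DIRECTIVE_SCHEMA_BOOLEAN) {
        $directiveOptions = TRUE;
      }
      elseif ($directiveSchema === Csp::DIRECTIVE_SCHEMA_MEDIA_TYPE_LIST) {
        // If "object-src: none" all plugins will be blocked even if type is
        // allowed.  The form field is hidden and skips validation, so make
        // sure value is not saved.
        // The object-src entry is read defensively: it may be absent from
        // the submitted values, and reading its keys directly would raise
        // an undefined-key warning.
        $objectSrc = isset($policyFormData['directives']['object-src'])
          ? $policyFormData['directives']['object-src']
          : [];
        if ($directiveName === 'plugin-types'
          && !empty($objectSrc['enable'])
          && isset($objectSrc['base'])
          && $objectSrc['base'] === 'none') {
          continue;
        }
        $directiveOptions = $splitList($directiveFormData['mime-types']);
      }
      elseif (in_array($directiveSchema, [
        Csp::DIRECTIVE_SCHEMA_TOKEN_LIST,
        Csp::DIRECTIVE_SCHEMA_OPTIONAL_TOKEN_LIST,
      ], TRUE)) {
        // Keep only the keys whose value is truthy; a missing 'keys' entry
        // is treated as "nothing selected".
        $directiveOptions = empty($directiveFormData['keys'])
          ? []
          : array_keys(array_filter($directiveFormData['keys']));
      }
      elseif (in_array($directiveSchema, [
        Csp::DIRECTIVE_SCHEMA_SOURCE_LIST,
        Csp::DIRECTIVE_SCHEMA_ANCESTOR_SOURCE_LIST,
      ], TRUE)) {
        // With base 'none', extra sources and flags are not stored.
        if ($directiveFormData['base'] !== 'none') {
          if (!empty($directiveFormData['sources'])) {
            $directiveOptions['sources'] = $splitList($directiveFormData['sources']);
          }
          // Flags are only stored for the plain source-list schema, not for
          // the ancestor source list.
          if ($directiveSchema === Csp::DIRECTIVE_SCHEMA_SOURCE_LIST) {
            $selectedFlags = empty($directiveFormData['flags'])
              ? []
              : array_filter($directiveFormData['flags']);
            if (!empty($selectedFlags)) {
              $directiveOptions['flags'] = array_keys($selectedFlags);
            }
          }
        }
        $directiveOptions['base'] = $directiveFormData['base'];
      }

      // Optional token lists and media type lists are saved even when the
      // resulting option list is empty; every other schema needs a value.
      if (!empty($directiveOptions) || in_array($directiveSchema, [
        Csp::DIRECTIVE_SCHEMA_OPTIONAL_TOKEN_LIST,
        Csp::DIRECTIVE_SCHEMA_MEDIA_TYPE_LIST,
      ], TRUE)) {
        $config->set($policyTypeKey . '.directives.' . $directiveName, $directiveOptions);
      }
    }

    // Store the selected reporting handler and, if the form submitted any,
    // the options keyed under that handler's plugin id.
    $reportHandlerPluginId = $form_state->getValue([
      $policyTypeKey,
      'reporting',
      'handler',
    ]);
    $config->set($policyTypeKey . '.reporting', [
      'plugin' => $reportHandlerPluginId,
    ]);
    $reportHandlerOptions = $form_state->getValue([
      $policyTypeKey,
      'reporting',
      $reportHandlerPluginId,
    ]);
    if ($reportHandlerOptions) {
      $config->set($policyTypeKey . '.reporting.options', $reportHandlerOptions);
    }
  }

  $config->save();
  parent::submitForm($form, $form_state);
}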