private static property CspSettingsForm::$keywordDirectiveMap in Content-Security-Policy 8

A map of keywords and the directives which they are valid for.

Type: array

File

src/Form/CspSettingsForm.php, line 39

Class

CspSettingsForm: Form for editing Content Security Policy module settings.

Namespace

Drupal\csp\Form

Code

private static $keywordDirectiveMap = [
  // A violation’s sample will be populated with the first 40 characters of an
  // inline script, event handler, or style that caused an violation.
  // Violations which stem from an external file will not include a sample in
  // the violation report.
  // @see https://www.w3.org/TR/CSP3/#framework-violation
  'report-sample' => [
    'default-src',
    'script-src',
    'script-src-attr',
    'script-src-elem',
    'style-src',
    'style-src-attr',
    'style-src-elem',
  ],
  'strict-dynamic' => [
    'default-src',
    'script-src',
  ],
  'unsafe-allow-redirects' => [
    'navigate-to',
  ],
  // Since "unsafe-eval" acts as a global page flag, script-src-attr and
  // script-src-elem are not used when performing this check, instead
  // script-src (or it’s fallback directive) is always used.
  // @see https://www.w3.org/TR/CSP3/#directive-script-src
  'unsafe-eval' => [
    'default-src',
    'script-src',
    'style-src',
  ],
  // Unsafe-hashes only applies to inline attributes.
  'unsafe-hashes' => [
    'default-src',
    'script-src',
    'script-src-attr',
    'style-src',
    'style-src-attr',
  ],
  'unsafe-inline' => [
    'default-src',
    'script-src',
    'script-src-attr',
    'script-src-elem',
    'style-src',
    'style-src-attr',
    'style-src-elem',
  ],
];

You are here

private static property CspSettingsForm::$keywordDirectiveMap in Content-Security-Policy 8

File

Class

Namespace

Code

API Navigation