You are here

function http_response_headers_requirements in HTTP Response Headers 8.2

Same name and namespace in other branches
  1. 2.0.x http_response_headers.install \http_response_headers_requirements()

Implements hook_requirements().

File

./http_response_headers.install, line 13
HTTP Header manipulations install.

Code

function http_response_headers_requirements($phase) {
  $requirements = array();
  if ($phase == 'runtime') {
    $entity_manager = \Drupal::entityTypeManager()
      ->getStorage('response_header');

    // Report response headers that should be configured.
    $strict_transport_security = $entity_manager
      ->load('strict_transport_security');
    $public_key_pins = $entity_manager
      ->load('public_key_pins');
    if (!isset($strict_transport_security) || $strict_transport_security instanceof ResponseHeaderInterface || empty($strict_transport_security
      ->get('value'))) {
      $requirements['response_header_security_policy'] = array(
        'title' => t('Content Security Policy'),
        'value' => t('Not configured'),
        'description' => t("It is highly recommended to set a secure Content Security Policy. A recommended value would be `default-src https: data: \\'unsafe-inline\\' \\'unsafe-eval\\'`. See the <a href=':help'>HTTP Response Headers Help page</a> for more information.", array(
          ':help' => '/admin/help/http_response_headers',
        )),
        'severity' => REQUIREMENT_WARNING,
      );
    }
    if (!isset($public_key_pins) || $public_key_pins instanceof ResponseHeaderInterface || empty($public_key_pins
      ->get('value'))) {
      $requirements['response_header_public_key_pins'] = array(
        'title' => t('Public Key Pins'),
        'value' => t('Not configured'),
        'description' => t("It is highly recommended to configure your Public Key Pins. See the <a href=':help'>HTTP Response Headers Help page</a> for more information.", array(
          ':help' => '/admin/help/http_response_headers',
        )),
        'severity' => REQUIREMENT_WARNING,
      );
    }
  }
  return $requirements;
}