You are here

Home » API reference » X-Frame-Options Configuration 8 » XFrameOptionsConfigurationSettingsForm.php

class XFrameOptionsConfigurationSettingsForm in X-Frame-Options Configuration 8

Configure example settings for this site.

Hierarchy

Expanded class hierarchy of XFrameOptionsConfigurationSettingsForm

1 string reference to 'XFrameOptionsConfigurationSettingsForm'
x_frame_options_configuration.routing.yml in ./x_frame_options_configuration.routing.yml
x_frame_options_configuration.routing.yml

File

src/Form/XFrameOptionsConfigurationSettingsForm.php, line 13

Namespace

Drupal\x_frame_options_configuration\Form
View source 
class XFrameOptionsConfigurationSettingsForm extends ConfigFormBase {

  /**
   * {@inheritdoc}
   */
  public function getFormId() {
    return 'x_frame_options_configuration_admin_settings';
  }

  /**
   * {@inheritdoc}
   */
  protected function getEditableConfigNames() {
    return [
      'x_frame_options_configuration.settings',
    ];
  }

  /**
   * {@inheritdoc}
   */
  public function buildForm(array $form, FormStateInterface $form_state) {
    $config = $this
      ->config('x_frame_options_configuration.settings');

    // Markup to explain what the X-Frame-Options HTTP response header is.
    $form['markup'] = [
      '#type' => 'markup',
      '#markup' => $this
        ->t('<h3>Description:</h3><p>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.</p>'),
    ];

    /*
     * Create the field that will allow users to select which directive to use
     *   ('DENY', 'SAMEORIGIN', 'ALLOW-FROM', 'ALLOW-ALL').
     */
    $form['directive'] = [
      '#type' => 'radios',
      '#title' => $this
        ->t('Directive'),
      '#default_value' => $config
        ->get('x_frame_options_configuration.directive', 'DENY'),
      '#options' => [
        'DENY' => $this
          ->t('DENY'),
        'SAMEORIGIN' => $this
          ->t('SAMEORIGIN'),
        'ALLOW-FROM' => $this
          ->t('ALLOW-FROM uri'),
        'ALLOW-ALL' => $this
          ->t('ALLOW ALL (Remove header)'),
      ],
      '#required' => TRUE,
    ];

    /*
     * Create the field that will allow the users to specify the URI that will
     * be allowed to render this page. This field will only be visible when the
     * directive field has the 'ALLOW-FROM' option checked.
     */
    $form['allow-from-uri'] = [
      '#type' => 'textfield',
      '#title' => $this
        ->t('Uri (if "ALLOW-FROM uri" is selected).'),
      '#default_value' => $config
        ->get('x_frame_options_configuration.allow-from-uri'),
      '#placeholder' => $this
        ->t('http://domain.com/'),
      '#description' => $this
        ->t('<strong>Use with caution because this directive might be ignored on Google Chrome or Safari and your site will allow to be rendered from anywhere</strong>.<br />Check for detailed <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Browser_compatibility" target="_blank">browser compatibility</a> information.'),
      '#states' => [
        'visible' => [
          ':input[name="directive"]' => [
            'value' => 'ALLOW-FROM',
          ],
        ],
      ],
    ];
    return parent::buildForm($form, $form_state);
  }

  /**
   * {@inheritdoc}
   */
  public function submitForm(array &$form, FormStateInterface $form_state) {

    // Retrieve the configuration.
    $this->configFactory
      ->getEditable('x_frame_options_configuration.settings')
      ->set('x_frame_options_configuration.directive', Html::escape($form_state
      ->getValue('directive')))
      ->set('x_frame_options_configuration.allow-from-uri', UrlHelper::stripDangerousProtocols(Html::escape($form_state
      ->getValue('allow-from-uri'))))
      ->save();
    parent::submitForm($form, $form_state);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
ConfigFormBase::create public static function Instantiates a new instance of this class. Overrides FormBase::create 13
ConfigFormBase::__construct public function Constructs a \Drupal\system\ConfigFormBase object. 11
ConfigFormBaseTrait::config protected function Retrieves a configuration object.
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
FormBase::$configFactory protected property The config factory. 1
FormBase::$requestStack protected property The request stack. 1
FormBase::$routeMatch protected property The route match.
FormBase::configFactory protected function Gets the config factory for this form. 1
FormBase::container private function Returns the service container.
FormBase::currentUser protected function Gets the current user.
FormBase::getRequest protected function Gets the request object.
FormBase::getRouteMatch protected function Gets the route match.
FormBase::logger protected function Gets the logger for a specific channel.
FormBase::redirect protected function Returns a redirect response object for the specified route. Overrides UrlGeneratorTrait::redirect
FormBase::resetConfigFactory public function Resets the configuration factory.
FormBase::setConfigFactory public function Sets the config factory for this form.
FormBase::setRequestStack public function Sets the request stack object to use.
FormBase::validateForm public function Form validation handler. Overrides FormInterface::validateForm 62
LinkGeneratorTrait::$linkGenerator protected property The link generator. 1
LinkGeneratorTrait::getLinkGenerator Deprecated protected function Returns the link generator.
LinkGeneratorTrait::l Deprecated protected function Renders a link to a route given a route name and its parameters.
LinkGeneratorTrait::setLinkGenerator Deprecated public function Sets the link generator service.
LoggerChannelTrait::$loggerFactory protected property The logger channel factory service.
LoggerChannelTrait::getLogger protected function Gets the logger for a specific channel.
LoggerChannelTrait::setLoggerFactory public function Injects the logger channel factory.
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
RedirectDestinationTrait::$redirectDestination protected property The redirect destination service. 1
RedirectDestinationTrait::getDestinationArray protected function Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url.
RedirectDestinationTrait::getRedirectDestination protected function Returns the redirect destination service.
RedirectDestinationTrait::setRedirectDestination public function Sets the redirect destination service.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
UrlGeneratorTrait::$urlGenerator protected property The url generator.
UrlGeneratorTrait::getUrlGenerator Deprecated protected function Returns the URL generator service.
UrlGeneratorTrait::setUrlGenerator Deprecated public function Sets the URL generator service.
UrlGeneratorTrait::url Deprecated protected function Generates a URL or path for a specific route based on the given parameters.
XFrameOptionsConfigurationSettingsForm::buildForm public function Form constructor. Overrides ConfigFormBase::buildForm
XFrameOptionsConfigurationSettingsForm::getEditableConfigNames protected function Gets the configuration names that will be editable. Overrides ConfigFormBaseTrait::getEditableConfigNames
XFrameOptionsConfigurationSettingsForm::getFormId public function Returns a unique string identifying the form. Overrides FormInterface::getFormId
XFrameOptionsConfigurationSettingsForm::submitForm public function Form submission handler. Overrides ConfigFormBase::submitForm