
public function XFrameOptionsConfigurationSettingsForm::buildForm in X-Frame-Options Configuration 8

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides ConfigFormBase::buildForm

File

src/Form/XFrameOptionsConfigurationSettingsForm.php, line 34

Class

XFrameOptionsConfigurationSettingsForm
Configure example settings for this site.

Namespace

Drupal\x_frame_options_configuration\Form

Code

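/**
 * Builds the settings form for the X-Frame-Options response header.
 *
 * The form offers a choice of directive and, when 'ALLOW-FROM' is chosen, a
 * text field for the URI that is allowed to frame the site.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 *
 * @return array
 *   The form structure.
 */
public function buildForm(array $form, FormStateInterface $form_state) {
  $config = $this->config('x_frame_options_configuration.settings');

  // Markup to explain what the X-Frame-Options HTTP response header is.
  $form['markup'] = [
    '#type' => 'markup',
    '#markup' => $this->t('<h3>Description:</h3><p>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.</p>'),
  ];

  // Config::get() accepts only the key; a second argument is silently
  // ignored. Apply the fallback explicitly so that a site with no stored
  // value is presented with the most restrictive directive preselected.
  $directive = $config->get('x_frame_options_configuration.directive') ?: 'DENY';

  /*
   * Create the field that will allow users to select which directive to use
   *   ('DENY', 'SAMEORIGIN', 'ALLOW-FROM', 'ALLOW-ALL').
   *
   * 'ALLOW-ALL' removes the header, so the site gets no framing protection
   * from X-Frame-Options. 'ALLOW-FROM' is obsolete: browsers that do not
   * implement it ignore the header entirely, which leaves the page frameable
   * from any origin. The Content-Security-Policy 'frame-ancestors' directive
   * is the standardised way to allow specific origins.
   */
  $form['directive'] = [
    '#type' => 'radios',
    '#title' => $this->t('Directive'),
    '#default_value' => $directive,
    '#options' => [
      'DENY' => $this->t('DENY'),
      'SAMEORIGIN' => $this->t('SAMEORIGIN'),
      'ALLOW-FROM' => $this->t('ALLOW-FROM uri'),
      'ALLOW-ALL' => $this->t('ALLOW ALL (Remove header)'),
    ],
    '#required' => TRUE,
  ];

  /*
   * Create the field that will allow the users to specify the URI that will
   * be allowed to render this page. This field will only be visible when the
   * directive field has the 'ALLOW-FROM' option checked.
   *
   * The '#states' rule only hides the field in the browser; it does not stop
   * a value from being submitted with another directive selected.
   * NOTE(review): nothing here constrains the submitted value. Confirm that
   * validateForm() checks it is a single absolute URL before it is stored
   * and written into a response header.
   */
  $form['allow-from-uri'] = [
    '#type' => 'textfield',
    '#title' => $this->t('Uri (if "ALLOW-FROM uri" is selected).'),
    '#default_value' => $config->get('x_frame_options_configuration.allow-from-uri'),
    '#placeholder' => $this->t('http://domain.com/'),
    '#description' => $this->t('<strong>Use with caution because this directive might be ignored on Google Chrome or Safari and your site will allow to be rendered from anywhere</strong>.<br />Check for detailed <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Browser_compatibility" target="_blank">browser compatibility</a> information.'),
    '#states' => [
      'visible' => [
        ':input[name="directive"]' => [
          'value' => 'ALLOW-FROM',
        ],
      ],
    ],
  ];

  return parent::buildForm($form, $form_state);
}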