paragonie / csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)
https://paragonie.com/projects
MIT License
544 stars 39 forks

Fix `plugin-types` generation #69

Closed fritzmg closed 1 year ago

fritzmg commented 1 year ago

Currently CSPBuilder::allowPluginType does not work at all. There are two issues:

  1. compileSubgroup tries to compile the allowed plugin types from the allow sub-key. However, that key does not exist, leading to

    1) ParagonIE\CSPBuilderTest\BasicTest::testAllowPluginType
    Undefined array key "allow"
    
    csp-builder\src\CSPBuilder.php:875
    csp-builder\src\CSPBuilder.php:131

    The allowed plugin types are actually stored in the types sub-key.

  2. The preg_replace in enc will actually remove any valid mime type string.

This PR implements the following changes:

  1. The allowed plugin types are now retrieved from the correct array sub-key.
  2. The enc method for mime strings is changed to a preg_match method that will return a valid mime-type definition if found and an empty string if not.
  3. The compileSubgroup will return an empty string if no valid plugin type was provided.
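The two fixes described above, as an added standalone PHP example that is not code from the csp-builder repository or from this PR: a `preg_match`-based validator that returns the media type unchanged when it is syntactically valid and an empty string otherwise, and a directive compiler that reads the types sub-key and returns an empty string when no valid type survives, so a bare `plugin-types;` never reaches the header. The names `MIME_PATTERN`, `encodeMimeType` and `compilePluginTypes` and the sample policy are assumptions made here; the pattern follows the RFC 6838 restricted-name grammar because plugin-types (defined in CSP Level 2) takes bare type/subtype pairs with no parameters. Note that CSP Level 3 removed plugin-types and current browsers no longer honour it, so the directive is only useful for legacy user agents.

```php
<?php
declare(strict_types=1);

// Illustrative re-implementation for this example; not CSPBuilder's own code.
// One media type "type/subtype" (RFC 6838 restricted-name characters, no
// ";parameter" suffix, which plugin-types does not allow). Assumed pattern.
const MIME_PATTERN = '/^[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}\/[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}$/';

/**
 * Accept-or-reject encoding: return the media type if it matches the grammar,
 * otherwise an empty string. Unlike a strip-and-keep preg_replace, this never
 * emits a value the caller did not supply verbatim.
 */
function encodeMimeType(string $mime): string
{
    $mime = trim($mime);
    return preg_match(MIME_PATTERN, $mime) === 1 ? $mime : '';
}

/**
 * Build the plugin-types directive from a policy fragment shaped like
 * ['types' => ['application/pdf', ...]]. Reads the types sub-key (the key the
 * PR switches to), drops invalid and duplicate entries, and returns '' when
 * nothing valid remains so the caller emits no directive at all.
 */
function compilePluginTypes(array $policy): string
{
    $types = $policy['types'] ?? [];
    $valid = [];
    foreach ($types as $t) {
        $enc = encodeMimeType((string) $t);
        if ($enc !== '' && !in_array($enc, $valid, true)) {
            $valid[] = $enc;
        }
    }
    if ($valid === []) {
        return '';
    }
    return 'plugin-types ' . implode(' ', $valid) . '; ';
}

// Constructed sample policy fragment for the demonstration.
$policy = [
    'types' => [
        'application/pdf',
        'application/x-shockwave-flash',
        'text/html; charset=utf-8', // parameter suffix: rejected
        'application/pdf',          // duplicate: collapsed
        'not a mime',               // no slash: rejected
    ],
];

echo compilePluginTypes($policy), PHP_EOL;
var_dump(compilePluginTypes(['types' => []]) === '');
var_dump(compilePluginTypes(['types' => ['bogus']]) === '');
var_dump(compilePluginTypes(['allow' => ['application/pdf']]) === '');
```

The last `var_dump` shows the original symptom from the other side: a policy that only populates an `allow` sub-key yields no plugin-types directive rather than an undefined-key error, because the compiler defaults the missing `types` key to an empty list instead of indexing it blindly.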