line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
1
|
|
|
1
|
|
17700
|
use 5.014; |
|
1
|
|
|
|
|
4
|
|
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
package Plack::Middleware::CSP 0.01 { |
4
|
1
|
|
|
1
|
|
5
|
use utf8; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
5
|
|
5
|
1
|
|
|
1
|
|
18
|
use strict; |
|
1
|
|
|
|
|
9
|
|
|
1
|
|
|
|
|
20
|
|
6
|
1
|
|
|
1
|
|
5
|
use warnings; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
27
|
|
7
|
1
|
|
|
1
|
|
388
|
use HTTP::CSPHeader; |
|
1
|
|
|
|
|
118151
|
|
|
1
|
|
|
|
|
36
|
|
8
|
1
|
|
|
1
|
|
8
|
use parent "Plack::Middleware"; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
8
|
|
9
|
1
|
|
|
1
|
|
418
|
use Plack::Util::Accessor qw( nonce_template_token ); |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
14
|
|
10
|
|
|
|
|
|
|
our $AUTHORITY = "cpan:ASHLEY"; |
11
|
|
|
|
|
|
|
|
12
|
7
|
|
|
7
|
0
|
108
|
sub csp { +shift->{_csp} } |
13
|
3
|
|
|
3
|
0
|
8
|
sub nonce { +shift->csp->nonce } |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
sub new { |
16
|
2
|
|
|
2
|
1
|
6441
|
my $self = +shift->SUPER::new(@_); |
17
|
|
|
|
|
|
|
# TEST policy and nonces_for are properly formed and HTTP::CSPHeader object can be made. |
18
|
|
|
|
|
|
|
# Refer to HTTP::CSPHeader's tests? |
19
|
|
|
|
|
|
|
$self->{_csp} = HTTP::CSPHeader->new( |
20
|
|
|
|
|
|
|
policy => delete $self->{policy}, |
21
|
|
|
|
|
|
|
nonces_for => delete $self->{nonces_for}, |
22
|
2
|
|
|
|
|
82
|
); |
23
|
|
|
|
|
|
|
|
24
|
2
|
|
|
|
|
2331
|
$self; |
25
|
|
|
|
|
|
|
} |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
sub call { |
28
|
2
|
|
|
2
|
1
|
19134
|
my ( $self, $env ) = @_; |
29
|
|
|
|
|
|
|
|
30
|
2
|
|
|
|
|
8
|
$env->{"CSP_NONCE"} = $self->nonce; |
31
|
2
|
|
|
|
|
228
|
my $res = $self->app->($env); |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
Plack::Util::response_cb($res, sub { |
34
|
2
|
|
|
2
|
|
19
|
my $res = shift; |
35
|
2
|
|
|
|
|
4
|
$self->csp->reset; # Request is done, reset for response. |
36
|
2
|
|
|
|
|
98
|
my $h = Plack::Util::headers($res->[1]); |
37
|
2
|
100
|
|
|
|
48
|
if ( my $token = $self->nonce_template_token ) |
38
|
|
|
|
|
|
|
{ |
39
|
1
|
|
|
|
|
6
|
my $nonce = $self->nonce; |
40
|
|
|
|
|
|
|
# Content type?!? Restrict to… sane values? text, html…? |
41
|
1
|
|
|
|
|
6
|
s/\Q$token/$nonce/g for @{ $res->[2] }; |
|
1
|
|
|
|
|
17
|
|
42
|
|
|
|
|
|
|
} |
43
|
2
|
|
|
|
|
24
|
$h->set("content-security-protocol" => $self->csp->header ); |
44
|
2
|
|
|
|
|
210
|
}); |
45
|
|
|
|
|
|
|
} |
46
|
|
|
|
|
|
|
1; |
47
|
|
|
|
|
|
|
}; |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
__DATA__ |