File Coverage

blib/lib/Plack/Middleware/CSP.pm

Criterion	Covered	Total	%
statement	37	37	100.0
branch	2	2	100.0
condition			n/a
subroutine	12	12	100.0
pod	2	4	50.0
total	53	55	96.3

line	stmt	bran	sub	pod	time	code
1	1		1		17700	use 5.014;
	1				4
2
3						package Plack::Middleware::CSP 0.01 {
4	1		1		5	use utf8;
	1				2
	1				5
5	1		1		18	use strict;
	1				9
	1				20
6	1		1		5	use warnings;
	1				2
	1				27
7	1		1		388	use HTTP::CSPHeader;
	1				118151
	1				36
8	1		1		8	use parent "Plack::Middleware";
	1				3
	1				8
9	1		1		418	use Plack::Util::Accessor qw( nonce_template_token );
	1				2
	1				14
10						our $AUTHORITY = "cpan:ASHLEY";
11
12	7		7	0	108	sub csp { +shift->{_csp} }
13	3		3	0	8	sub nonce { +shift->csp->nonce }
14
15						sub new {
16	2		2	1	6441	my $self = +shift->SUPER::new(@_);
17						# TEST policy and nonces_for are properly formed and HTTP::CSPHeader object can be made.
18						# Refer to HTTP::CSPHeader's tests?
19						$self->{_csp} = HTTP::CSPHeader->new(
20						policy => delete $self->{policy},
21						nonces_for => delete $self->{nonces_for},
22	2				82	);
23
24	2				2331	$self;
25						}
26
27						sub call {
28	2		2	1	19134	my ( $self, $env ) = @_;
29
30	2				8	$env->{"CSP_NONCE"} = $self->nonce;
31	2				228	my $res = $self->app->($env);
32
33						Plack::Util::response_cb($res, sub {
34	2		2		19	my $res = shift;
35	2				4	$self->csp->reset; # Request is done, reset for response.
36	2				98	my $h = Plack::Util::headers($res->[1]);
37	2	100			48	if ( my $token = $self->nonce_template_token )
38						{
39	1				6	my $nonce = $self->nonce;
40						# Content type?!? Restrict to… sane values? text, html…?
41	1				6	s/\Q$token/$nonce/g for @{ $res->[2] };
	1				17
42						}
43	2				24	$h->set("content-security-protocol" => $self->csp->header );
44	2				210	});
45						}
46						1;
47						};
48
49						__DATA__