www.codebar.ch/app/Support/CspAllowlist.php at main · codebar-ag/www.codebar.ch · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php

namespace App\Support;

use Illuminate\Support\Arr;

/**
 * Loads third-party CSP source strings from {@see config/csp-allowlists.json}.
 *
 * @phpstan-type DirectiveKey 'connect'|'img'|'media'|'font'|'script'|'style_elem'|'style'
 */
final class CspAllowlist
{
    /**
     * @param  DirectiveKey  $directive
     * @return list<string>
     */
    public static function sources(string $directive): array
    {
        $data = self::load();

        /** @var list<string> */
        return Arr::get($data, $directive, []);
    }

    /**
     * @return array<string, list<string>>
     */
    private static function load(): array
    {
        $path = config_path('csp-allowlists.json');

        if (! is_file($path)) {
            return [];
        }

        $decoded = json_decode((string) file_get_contents($path), true);

        return is_array($decoded) ? $decoded : [];
    }
}