mirror of
https://github.com/AzuraCast/AzuraCast.git
synced 2024-06-18 23:17:05 +00:00
Fix CSP injection in View class.
This commit is contained in:
parent
4aa1902dae
commit
81aea98efa
15
src/View.php
15
src/View.php
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace App;
|
||||
|
||||
use App\Http\Response;
|
||||
use App\Http\ServerRequest;
|
||||
use DI\FactoryInterface;
|
||||
use Doctrine\Inflector\InflectorFactory;
|
||||
|
@ -15,6 +14,8 @@ use Symfony\Component\VarDumper\Dumper\CliDumper;
|
|||
|
||||
class View extends Engine
|
||||
{
|
||||
protected Assets $assets;
|
||||
|
||||
public function __construct(
|
||||
FactoryInterface $factory,
|
||||
Environment $environment,
|
||||
|
@ -33,7 +34,7 @@ class View extends Engine
|
|||
);
|
||||
|
||||
// Add request-dependent content.
|
||||
$assets = $factory->make(
|
||||
$this->assets = $factory->make(
|
||||
Assets::class,
|
||||
[
|
||||
'request' => $request,
|
||||
|
@ -48,7 +49,7 @@ class View extends Engine
|
|||
'acl' => $request->getAttribute(ServerRequest::ATTR_ACL),
|
||||
'customization' => $request->getAttribute(ServerRequest::ATTR_CUSTOMIZATION),
|
||||
'flash' => $request->getAttribute(ServerRequest::ATTR_SESSION_FLASH),
|
||||
'assets' => $assets,
|
||||
'assets' => $this->assets,
|
||||
]
|
||||
);
|
||||
|
||||
|
@ -159,12 +160,6 @@ class View extends Engine
|
|||
$response->getBody()->write($template);
|
||||
$response = $response->withHeader('Content-type', 'text/html; charset=utf-8');
|
||||
|
||||
if ($response instanceof Response && !$response->hasCacheLifetime()) {
|
||||
/** @var Assets $assets */
|
||||
$assets = $this->getData('assets');
|
||||
$response = $assets->writeCsp($response);
|
||||
}
|
||||
|
||||
return $response;
|
||||
return $this->assets->writeCsp($response);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user