21830668774

Committed 09 Feb 2026 03:14PM UTC coverage: 83.772%. Remained the same

Build Type

push

github

Committed by

Commit Message

added RequestFactory::setForceHttps()

Run Details

8 of 9 new or added lines in 2 files covered. (88.89%)

23 existing lines in 2 files now uncovered.

924 of 1103 relevant lines covered (83.77%)

0.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.43

/src/Bridges/HttpDI/HttpExtension.php

<?php

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Nette\Bridges\HttpDI;

use Nette;
use Nette\Schema\Expect;
use function is_array, strval;


/**
 * HTTP extension for Nette DI.
 */
class HttpExtension extends Nette\DI\CompilerExtension
{
        public function __construct(
                private readonly bool $cliMode = false,
        ) {
        }


        public function getConfigSchema(): Nette\Schema\Schema
        {
                return Expect::structure([
                        'proxy' => Expect::anyOf(Expect::arrayOf('string'), Expect::string()->castTo('array'))->firstIsDefault()->dynamic(),
                        'forceHttps' => Expect::bool(false)->dynamic(),
                        'headers' => Expect::arrayOf('scalar|null')->default([
                                'X-Powered-By' => 'Nette Framework 3',
                                'Content-Type' => 'text/html; charset=utf-8',
                        ])->mergeDefaults(),
                        'frames' => Expect::anyOf(Expect::string(), Expect::bool(), null)->default('SAMEORIGIN'), // X-Frame-Options
                        'csp' => Expect::arrayOf('array|scalar|null'), // Content-Security-Policy
                        'cspReportOnly' => Expect::arrayOf('array|scalar|null'), // Content-Security-Policy-Report-Only
                        'featurePolicy' => Expect::arrayOf('array|scalar|null'), // Feature-Policy
                        'cookiePath' => Expect::string()->dynamic(),
                        'cookieDomain' => Expect::string()->dynamic(),
                        'cookieSecure' => Expect::anyOf('auto', null, true, false)->firstIsDefault()->dynamic(), // Whether the cookie is available only through HTTPS
                        'disableNetteCookie' => Expect::bool(false), // disables cookie use by Nette
                ]);
        }


        public function loadConfiguration(): void
        {
                $builder = $this->getContainerBuilder();
                $config = $this->config;

                $requestFactory = $builder->addDefinition($this->prefix('requestFactory'))
                        ->setFactory(Nette\Http\RequestFactory::class)
                        ->addSetup('setProxy', [$config->proxy]);

                if ($config->forceHttps) {
                        $requestFactory->addSetup('setForceHttps');
                }

                $request = $builder->addDefinition($this->prefix('request'))
                        ->setFactory('@Nette\Http\RequestFactory::fromGlobals');

                $response = $builder->addDefinition($this->prefix('response'))
                        ->setFactory(Nette\Http\Response::class);

                if ($config->cookiePath !== null) {
                        $response->addSetup('$cookiePath', [$config->cookiePath]);
                }

                if ($config->cookieDomain !== null) {
                        $value = $config->cookieDomain === 'domain'
                                ? $builder::literal('$this->getService(?)->getUrl()->getDomain(2)', [$request->getName()])
                                : $config->cookieDomain;
                        $response->addSetup('$cookieDomain', [$value]);
                }

                if ($config->cookieSecure !== null) {
                        $value = $config->cookieSecure === 'auto'
                                ? $builder::literal('$this->getService(?)->isSecured()', [$request->getName()])
                                : $config->cookieSecure;
                        $response->addSetup('$cookieSecure', [$value]);
                }

                if ($this->name === 'http') {
                        $builder->addAlias('nette.httpRequestFactory', $this->prefix('requestFactory'));
                        $builder->addAlias('httpRequest', $this->prefix('request'));
                        $builder->addAlias('httpResponse', $this->prefix('response'));
                }

                if (!$this->cliMode) {
                        $this->sendHeaders();
                }
        }


        private function sendHeaders(): void
        {
                $config = $this->config;
                $headers = array_map(strval(...), $config->headers);

                if (isset($config->frames) && $config->frames !== true && !isset($headers['X-Frame-Options'])) {
                        $frames = $config->frames;
                        if ($frames === false) {
                                $frames = 'DENY';
                        } elseif (preg_match('#^https?:#', $frames)) {
                                $frames = "ALLOW-FROM $frames";
                        }

                        $headers['X-Frame-Options'] = $frames;
                }

                foreach (['csp', 'cspReportOnly'] as $key) {
                        if (empty($config->$key)) {
                                continue;
                        }

                        $value = self::buildPolicy($config->$key);
                        if (str_contains($value, "'nonce'")) {
                                $this->initialization->addBody('$cspNonce = base64_encode(random_bytes(16));');
                                $value = Nette\DI\ContainerBuilder::literal(
                                        'str_replace(?, ? . $cspNonce, ?)',
                                        ["'nonce", "'nonce-", $value],
                                );
                        }

                        $headers['Content-Security-Policy' . ($key === 'csp' ? '' : '-Report-Only')] = $value;
                }

                if (!empty($config->featurePolicy)) {
                        $headers['Feature-Policy'] = self::buildPolicy($config->featurePolicy);
                }

                $this->initialization->addBody('$response = $this->getService(?);', [$this->prefix('response')]);
                foreach ($headers as $key => $value) {
                        if ($value !== '') {
                                $this->initialization->addBody('$response->setHeader(?, ?);', [$key, $value]);
                        }
                }

                if (!$config->disableNetteCookie) {
                        $this->initialization->addBody(
                                'Nette\Http\Helpers::initCookie($this->getService(?), $response);',
                                [$this->prefix('request')],
                        );
                }
        }


        /** @param array<string, list<mixed>|scalar|null>  $config */
        private static function buildPolicy(array $config): string
        {
                $nonQuoted = ['require-sri-for' => 1, 'sandbox' => 1];
                $value = '';
                foreach ($config as $type => $policy) {
                        if ($policy === false) {
                                continue;
                        }

                        $policy = $policy === true ? [] : (array) $policy;
                        $value .= $type;
                        foreach ($policy as $item) {
                                if (is_array($item)) {
                                        $item = key($item) . ':';
                                }

                                $value .= !isset($nonQuoted[$type]) && preg_match('#^[a-z-]+$#D', $item)
                                        ? " '$item'"
                                        : " $item";
                        }

                        $value .= '; ';
                }

                return $value;
        }
}

1	<?php
2
3	/**
4	* This file is part of the Nette Framework (https://nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	declare(strict_types=1);
9
10	namespace Nette\Bridges\HttpDI;
11
12	use Nette;
13	use Nette\Schema\Expect;
14	use function is_array, strval;
15
16
17	/**
18	* HTTP extension for Nette DI.
19	*/
20	class HttpExtension extends Nette\DI\CompilerExtension
21	{
22	public function __construct(	1✔
23	private readonly bool $cliMode = false,
24	) {
25	}	1✔
26
27
28	public function getConfigSchema(): Nette\Schema\Schema
29	{
30	return Expect::structure([	1✔
31	'proxy' => Expect::anyOf(Expect::arrayOf('string'), Expect::string()->castTo('array'))->firstIsDefault()->dynamic(),	1✔
32	'forceHttps' => Expect::bool(false)->dynamic(),	1✔
33	'headers' => Expect::arrayOf('scalar\|null')->default([	1✔
34	'X-Powered-By' => 'Nette Framework 3',	1✔
35	'Content-Type' => 'text/html; charset=utf-8',
36	])->mergeDefaults(),	1✔
37	'frames' => Expect::anyOf(Expect::string(), Expect::bool(), null)->default('SAMEORIGIN'), // X-Frame-Options	1✔
38	'csp' => Expect::arrayOf('array\|scalar\|null'), // Content-Security-Policy	1✔
39	'cspReportOnly' => Expect::arrayOf('array\|scalar\|null'), // Content-Security-Policy-Report-Only	1✔
40	'featurePolicy' => Expect::arrayOf('array\|scalar\|null'), // Feature-Policy	1✔
41	'cookiePath' => Expect::string()->dynamic(),	1✔
42	'cookieDomain' => Expect::string()->dynamic(),	1✔
43	'cookieSecure' => Expect::anyOf('auto', null, true, false)->firstIsDefault()->dynamic(), // Whether the cookie is available only through HTTPS	1✔
44	'disableNetteCookie' => Expect::bool(false), // disables cookie use by Nette	1✔
45	]);
46	}
47
48
49	public function loadConfiguration(): void
50	{
51	$builder = $this->getContainerBuilder();	1✔
52	$config = $this->config;	1✔
53
54	$requestFactory = $builder->addDefinition($this->prefix('requestFactory'))	1✔
55	->setFactory(Nette\Http\RequestFactory::class)	1✔
56	->addSetup('setProxy', [$config->proxy]);	1✔
57
58	if ($config->forceHttps) {	1✔
NEW 59	$requestFactory->addSetup('setForceHttps');	×
60	}
61
62	$request = $builder->addDefinition($this->prefix('request'))	1✔
63	->setFactory('@Nette\Http\RequestFactory::fromGlobals');	1✔
64
65	$response = $builder->addDefinition($this->prefix('response'))	1✔
66	->setFactory(Nette\Http\Response::class);	1✔
67
68	if ($config->cookiePath !== null) {	1✔
69	$response->addSetup('$cookiePath', [$config->cookiePath]);	1✔
70	}
71
72	if ($config->cookieDomain !== null) {	1✔
73	$value = $config->cookieDomain === 'domain'	1✔
74	? $builder::literal('$this->getService(?)->getUrl()->getDomain(2)', [$request->getName()])	1✔
75	: $config->cookieDomain;	1✔
76	$response->addSetup('$cookieDomain', [$value]);	1✔
77	}
78
79	if ($config->cookieSecure !== null) {	1✔
80	$value = $config->cookieSecure === 'auto'	1✔
81	? $builder::literal('$this->getService(?)->isSecured()', [$request->getName()])	1✔
82	: $config->cookieSecure;	1✔
83	$response->addSetup('$cookieSecure', [$value]);	1✔
84	}
85
86	if ($this->name === 'http') {	1✔
87	$builder->addAlias('nette.httpRequestFactory', $this->prefix('requestFactory'));	1✔
88	$builder->addAlias('httpRequest', $this->prefix('request'));	1✔
89	$builder->addAlias('httpResponse', $this->prefix('response'));	1✔
90	}
91
92	if (!$this->cliMode) {	1✔
93	$this->sendHeaders();	1✔
94	}
95	}	1✔
96
97
98	private function sendHeaders(): void
99	{
100	$config = $this->config;	1✔
101	$headers = array_map(strval(...), $config->headers);	1✔
102
103	if (isset($config->frames) && $config->frames !== true && !isset($headers['X-Frame-Options'])) {	1✔
104	$frames = $config->frames;	1✔
105	if ($frames === false) {	1✔
UNCOV 106	$frames = 'DENY';	×
107	} elseif (preg_match('#^https?:#', $frames)) {	1✔
UNCOV 108	$frames = "ALLOW-FROM $frames";	×
109	}
110
111	$headers['X-Frame-Options'] = $frames;	1✔
112	}
113
114	foreach (['csp', 'cspReportOnly'] as $key) {	1✔
115	if (empty($config->$key)) {	1✔
116	continue;	1✔
117	}
118
UNCOV 119	$value = self::buildPolicy($config->$key);	×
UNCOV 120	if (str_contains($value, "'nonce'")) {	×
UNCOV 121	$this->initialization->addBody('$cspNonce = base64_encode(random_bytes(16));');	×
UNCOV 122	$value = Nette\DI\ContainerBuilder::literal(	×
UNCOV 123	'str_replace(?, ? . $cspNonce, ?)',	×
124	["'nonce", "'nonce-", $value],	×
125	);
126	}
127
128	$headers['Content-Security-Policy' . ($key === 'csp' ? '' : '-Report-Only')] = $value;	×
129	}
130
131	if (!empty($config->featurePolicy)) {	1✔
UNCOV 132	$headers['Feature-Policy'] = self::buildPolicy($config->featurePolicy);	×
133	}
134
135	$this->initialization->addBody('$response = $this->getService(?);', [$this->prefix('response')]);	1✔
136	foreach ($headers as $key => $value) {	1✔
137	if ($value !== '') {	1✔
138	$this->initialization->addBody('$response->setHeader(?, ?);', [$key, $value]);	1✔
139	}
140	}
141
142	if (!$config->disableNetteCookie) {	1✔
143	$this->initialization->addBody(	1✔
144	'Nette\Http\Helpers::initCookie($this->getService(?), $response);',	1✔
145	[$this->prefix('request')],	1✔
146	);
147	}
148	}	1✔
149
150
151	/** @param array<string, list<mixed>\|scalar\|null> $config */
152	private static function buildPolicy(array $config): string
153	{
UNCOV 154	$nonQuoted = ['require-sri-for' => 1, 'sandbox' => 1];	×
UNCOV 155	$value = '';	×
UNCOV 156	foreach ($config as $type => $policy) {	×
UNCOV 157	if ($policy === false) {	×
UNCOV 158	continue;	×
159	}
160
161	$policy = $policy === true ? [] : (array) $policy;	×
162	$value .= $type;	×
163	foreach ($policy as $item) {	×
UNCOV 164	if (is_array($item)) {	×
UNCOV 165	$item = key($item) . ':';	×
166	}
167
168	$value .= !isset($nonQuoted[$type]) && preg_match('#^[a-z-]+$#D', $item)	×
169	? " '$item'"	×
170	: " $item";	×
171	}
172
173	$value .= '; ';	×
174	}
175
UNCOV 176	return $value;	×
177	}
178	}

nette / http / 21830668774

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous