%PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµùÕ5sLOšuY
<?php
namespace frontend\components;
use yii\base\Behavior;
use yii\web\Controller;
use yii\web\Response;
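/**
 * Attaches a Content-Security-Policy header to the response before every
 * action of the controller this behavior is attached to.
 */
class CspHeaderBehavior extends Behavior
{
    /**
     * Subscribes this behavior to the owner's before-action event.
     *
     * @return array map of event name => handler method name
     */
    public function events()
    {
        return [
            Controller::EVENT_BEFORE_ACTION => 'onBeforeAction',
        ];
    }

    /**
     * Sets the response format to HTML and adds the CSP header.
     *
     * @param mixed $event event object passed by the framework; not read here
     */
    public function onBeforeAction($event)
    {
        $response = \Yii::$app->response;

        // NOTE(review): this assignment replaces whatever format the response
        // had when the event fires. An action that returns another format
        // (e.g. JSON) has to set it again itself. Confirm this is intended
        // for every controller the behavior is attached to.
        $response->format = Response::FORMAT_HTML;

        // One entry per directive so a source can be added or removed without
        // editing a long concatenated string.
        $directives = [
            "default-src 'self'",
            // 'unsafe-inline' permits inline <script> blocks and inline event
            // handlers, so markup injected into a page can still run script.
            // Nonces or hashes are the usual replacement once inline scripts
            // have been moved out or tagged.
            "script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com",
            "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com",
            "font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com",
            // NOTE(review): external-storage.com and api.external.com look like
            // template placeholders. Confirm they are origins the application
            // really uses and controls before shipping this allowlist.
            "img-src 'self' data: https://external-storage.com",
            "connect-src 'self' https://api.external.com",
            // Add further directives here as needed. base-uri, form-action and
            // frame-ancestors do not fall back to default-src, so they stay
            // unrestricted until they are listed explicitly.
        ];

        // The trailing "; " keeps the emitted header value identical to the
        // previous string-concatenated form.
        $policy = implode('; ', $directives) . '; ';

        $response->headers->set('Content-Security-Policy', $policy);
    }
}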