Skip to content

Commit

Permalink
check if Magento_Csp is enabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@vegimcarkaxhija
vegimcarkaxhija committed Jan 24, 2025
1 parent 10cef65 commit ada0066
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 10 deletions.
27 changes: 18 additions & 9 deletions Factory/CspNonceProviderFactory.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

use Magento\Framework\ObjectManagerInterface;
use Magento\Csp\Helper\CspNonceProvider as MagentoCspNonceProvider;
use Magento\Framework\Module\Manager as ModuleManager;
use Buckaroo\Magento2\Helper\CustomCspNonceProvider;
use Psr\Log\LoggerInterface;

Expand All @@ -23,29 +24,37 @@ class CspNonceProviderFactory
*/
private LoggerInterface $logger;

/**
* @var ModuleManager
*/
private ModuleManager $moduleManager;

public function __construct(
ObjectManagerInterface $objectManager,
LoggerInterface $logger
LoggerInterface $logger,
ModuleManager $moduleManager
) {
$this->objectManager = $objectManager;
$this->logger = $logger;
$this->moduleManager = $moduleManager;
}

/**
* Create an instance of CspNonceProvider
*
* @return MagentoCspNonceProvider|CustomCspNonceProvider|null
* @return MagentoCspNonceProvider|null
*/
public function create()
{
// Attempt to use Magento's CspNonceProvider if it exists
if (!$this->moduleManager->isEnabled('Magento_Csp')) {
$this->logger->info('Magento_Csp module is disabled. No CSP Nonce will be generated.');
return null;
}

if (class_exists(MagentoCspNonceProvider::class)) {
try {
return $this->objectManager->get(MagentoCspNonceProvider::class);
} catch (\Exception $e) {
$this->logger->error('Failed to instantiate Magento CspNonceProvider: ' . $e->getMessage());
}
return $this->objectManager->get(MagentoCspNonceProvider::class);
}
$this->logger->info('MagentoCspNonceProvider class is unavailable.');

// Fallback to custom CspNonceProvider
if (class_exists(CustomCspNonceProvider::class)) {
Expand All @@ -56,7 +65,7 @@ public function create()
}
}

// If neither class is available, log a warning
// Log a warning if no provider is available
$this->logger->warning('No CspNonceProvider available.');
return null;
}
Expand Down
15 changes: 14 additions & 1 deletion Observer/AddCspNonce.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
use Magento\Framework\Event\Observer;
use Magento\Framework\Event\ObserverInterface;
use Magento\Framework\View\Element\Template;
use Magento\Framework\Module\Manager as ModuleManager;
use Buckaroo\Magento2\Factory\CspNonceProviderFactory;

class AddCspNonce implements ObserverInterface
Expand All @@ -14,10 +15,17 @@ class AddCspNonce implements ObserverInterface
*/
private $cspNonceProvider;

/**
* @var ModuleManager
*/
private ModuleManager $moduleManager;

public function __construct(
CspNonceProviderFactory $cspNonceProviderFactory
CspNonceProviderFactory $cspNonceProviderFactory,
ModuleManager $moduleManager
) {
$this->cspNonceProvider = $cspNonceProviderFactory->create();
$this->moduleManager = $moduleManager;
}

public function execute(Observer $observer)
Expand All @@ -35,6 +43,11 @@ public function execute(Observer $observer)
return;
}

// Check if Magento_Csp is enabled
if (!$this->moduleManager->isEnabled('Magento_Csp')) {
$block->assign('cspNonce', '');
}

if ($this->cspNonceProvider) {
try {
$nonce = $this->cspNonceProvider->generateNonce();
Expand Down

0 comments on commit ada0066

Please sign in to comment.