3 namespace BookStack\Http\Middleware;
5 use BookStack\Util\CspService;
7 use Illuminate\Http\Request;
11 protected CspService $cspService;
13 public function __construct(CspService $cspService)
// Store the CspService passed in; handle() reads the nonce, the iframe-host check
// and the header value from this instance.
15 $this->cspService = $cspService;
19 * Handle an incoming request: share the CSP nonce with views and set the Content-Security-Policy header on the response.
21 * @param Request $request
22 * @param Closure $next
26 public function handle($request, Closure $next)
// Work is split around $next(): view and session settings are adjusted before the
// rest of the pipeline runs, and the CSP header is written onto the response after.
// NOTE(review): this listing is partial; the return of $response is not visible here.
// Expose the nonce from CspService to views under the name 'cspNonce'.
28 view()->share('cspNonce', $this->cspService->getNonce());
// When iframe hosts are configured, the session cookie's SameSite setting is changed to 'none'.
// NOTE(review): SameSite=None cookies are sent on cross-site requests, so CSRF defence
// cannot rely on SameSite in this mode, and browsers only accept SameSite=None together
// with the Secure attribute; confirm session.secure is enabled for such deployments.
29 if ($this->cspService->allowedIFrameHostsConfigured()) {
30 config()->set('session.same_site', 'none');
// Let the remaining middleware and the controller produce the response first.
33 $response = $next($request);
35 $cspHeader = $this->cspService->getCspHeader();
// Third argument false: presumably the header bag's "replace" flag, so this value is added
// alongside any Content-Security-Policy header already on the response instead of
// overwriting it. TODO confirm against the response class in use.
36 $response->headers->set('Content-Security-Policy', $cspHeader, false);