refactor: add property $directives

Author: kenjis

system/HTTP/ContentSecurityPolicy.php

@@ -26,6 +26,31 @@
  */
 class ContentSecurityPolicy
 {
+    /**
+     * CSP directives
+     *
+     * @var array<string, string>
+     */
+    protected array $directives = [
+        'base-uri'        => 'baseURI',
+        'child-src'       => 'childSrc',
+        'connect-src'     => 'connectSrc',
+        'default-src'     => 'defaultSrc',
+        'font-src'        => 'fontSrc',
+        'form-action'     => 'formAction',
+        'frame-ancestors' => 'frameAncestors',
+        'frame-src'       => 'frameSrc',
+        'img-src'         => 'imageSrc',
+        'media-src'       => 'mediaSrc',
+        'object-src'      => 'objectSrc',
+        'plugin-types'    => 'pluginTypes',
+        'script-src'      => 'scriptSrc',
+        'style-src'       => 'styleSrc',
+        'manifest-src'    => 'manifestSrc',
+        'sandbox'         => 'sandbox',
+        'report-uri'      => 'reportURI',
+    ];
+
     /**
      * Used for security enforcement
      *
@@ -704,26 +729,6 @@ protected function buildHeaders(ResponseInterface $response)
         $response->setHeader('Content-Security-Policy', []);
         $response->setHeader('Content-Security-Policy-Report-Only', []);
 
-        $directives = [
-            'base-uri'        => 'baseURI',
-            'child-src'       => 'childSrc',
-            'connect-src'     => 'connectSrc',
-            'default-src'     => 'defaultSrc',
-            'font-src'        => 'fontSrc',
-            'form-action'     => 'formAction',
-            'frame-ancestors' => 'frameAncestors',
-            'frame-src'       => 'frameSrc',
-            'img-src'         => 'imageSrc',
-            'media-src'       => 'mediaSrc',
-            'object-src'      => 'objectSrc',
-            'plugin-types'    => 'pluginTypes',
-            'script-src'      => 'scriptSrc',
-            'style-src'       => 'styleSrc',
-            'manifest-src'    => 'manifestSrc',
-            'sandbox'         => 'sandbox',
-            'report-uri'      => 'reportURI',
-        ];
-
         // inject default base & default URIs if needed
         if (empty($this->baseURI)) {
             $this->baseURI = 'self';
@@ -733,7 +738,7 @@ protected function buildHeaders(ResponseInterface $response)
             $this->defaultSrc = 'self';
         }
 
-        foreach ($directives as $name => $property) {
+        foreach ($this->directives as $name => $property) {
             if (! empty($this->{$property})) {
                 $this->addToHeader($name, $this->{$property});
             }