Content Security Policy (CSP) Implementation a new approach

.phpstan.dist.baseline.neon

@@ -7008,6 +7008,30 @@ parameters:
 			count: 1
 			path: app/design/adminhtml/default/default/template/system/config/form/field/array.phtml
 
+		-
+			message: '#^Access to protected property Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts\:\:\$_addAfter\.$#'
+			identifier: property.protected
+			count: 4
+			path: app/design/adminhtml/default/default/template/system/config/form/field/csp.phtml
+
+		-
+			message: '#^Access to protected property Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts\:\:\$_addButtonLabel\.$#'
+			identifier: property.protected
+			count: 2
+			path: app/design/adminhtml/default/default/template/system/config/form/field/csp.phtml
+
+		-
+			message: '#^Access to protected property Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts\:\:\$_columns\.$#'
+			identifier: property.protected
+			count: 5
+			path: app/design/adminhtml/default/default/template/system/config/form/field/csp.phtml
+
+		-
+			message: '#^Call to protected method _renderCellTemplate\(\) of class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts\.$#'
+			identifier: method.protected
+			count: 2
+			path: app/design/adminhtml/default/default/template/system/config/form/field/csp.phtml
+
 		-
 			message: '#^Unreachable statement \- code above always terminates\.$#'
 			identifier: deadCode.unreachable

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Array/Abstract.php

@@ -48,7 +48,7 @@ abstract class Mage_Adminhtml_Block_System_Config_Form_Field_Array_Abstract exte
      *
      * @var array|null
      */
-    private $_arrayRowsCache;
+    protected $_arrayRowsCache;
 
     /**
      * Indication whether block is prepared to render or no

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Connectsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * connect-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Connectsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Connectsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Defaultsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * default-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Defaultsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Defaultsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Fontsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * font-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Fontsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Fontsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Formaction.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * form-action hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Formaction extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Formaction
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Framesrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * frame-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Framesrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Framesrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Imgsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * img-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Imgsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Imgsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Mediasrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * media-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Mediasrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Mediasrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Objectsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * object-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Objectsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Objectsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Scriptsrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * Script-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Scriptsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Scriptsrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Admin/Stylesrc.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * style-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Admin_Stylesrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Stylesrc
+{
+    protected $_area = Mage_Core_Model_App_Area::AREA_ADMINHTML;
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Connectsrc.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * connect-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Connectsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts
+{
+    /**
+     * Directive name
+     *
+     * @var string
+     */
+    protected $_directiveName = 'connect-src';
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Defaultsrc.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * default-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Defaultsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts
+{
+    /**
+     * Directive name
+     *
+     * @var string
+     */
+    protected $_directiveName = 'default-src';
+}

app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field/Csp/Fontsrc.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Academic Free License (AFL 3.0)
+ * that is bundled with this package in the file LICENSE_AFL.txt.
+ * It is also available at https://opensource.org/license/afl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Csp
+ * @copyright  Copyright (c) 2025 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
+ */
+
+/**
+ * font-src hosts field renderer
+ */
+class Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Fontsrc extends Mage_Adminhtml_Block_System_Config_Form_Field_Csp_Hosts
+{
+    /**
+     * Directive name
+     *
+     * @var string
+     */
+    protected $_directiveName = 'font-src';
+}