Fix the setup of CSP Domains now that it's not on SiteConfig anymore

Firesphere · Feb 28, 2019 · 0ee998a · 0ee998a
1 parent 15c57f7
commit 0ee998a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/src/Extensions/ControllerCSPExtension.php b/src/Extensions/ControllerCSPExtension.php
@@ -92,7 +92,7 @@ public function onAfterInit()
         if (Director::isLive() || $this->checkCookie($this->owner->getRequest())) {
             $policy = $this->setDefaultPolicies();
             $this->setConfigPolicies($policy);
-            $this->setSiteConfigPolicies($policy);
+            $this->setCSPDomainPolicies($policy);
             $this->setReportPolicy();
 
             $headers = $policy->getHeaders(CSPBackend::config()->get('legacy_headers'));
@@ -200,15 +200,15 @@ protected function setConfigPolicies($policy)
      * @param ContentSecurityPolicyHeaderBuilder $policy
      * @throws \Phpcsp\Security\InvalidDirectiveException
      */
-    protected function setSiteConfigPolicies($policy)
+    protected function setCSPDomainPolicies($policy)
     {
         /** @var DataList|CSPDomain[] $domains */
-        $domains = CSPDomain::get()->map('Source', 'Domain')->toArray();
+        $domains = CSPDomain::get()->map('Source', 'Domain');
         $map = $this->allowedDirectivesMap;
-
         foreach ($domains as $type => $domain) {
             $policy->addSourceExpression($map[$type], $domain);
         }
+        exit;
     }
 
     protected function setReportPolicy()

diff --git a/src/Models/CSPDomain.php b/src/Models/CSPDomain.php
@@ -27,10 +27,6 @@ class CSPDomain extends DataObject implements PermissionProvider
         'Source' => 'Enum("default,script,style,img,media,font,form,Frame")'
     ];
 
-    private static $has_one = [
-        'SiteConfig' => SiteConfig::class
-    ];
-
     private static $summary_fields = [
         'Domain',
         'Source'