Add several new fragments

satrun77 · satrun77 · commit 17c8aa14219d · 2025-10-03T10:02:43.000+13:00
diff --git a/src/Fragments/AdobeTagManager.php b/src/Fragments/AdobeTagManager.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a adobe tag manager
+ */
+class AdobeTagManager implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                // This is a CDN for adobe tag manager
+                'https://assets.adobedtm.com',
+                'https://js.adsrvr.org',
+                'https://insight.adsrvr.org',
+                'https://*.adsrvr.org',
+            ])
+            ->addDirective(Directive::FRAME, [
+                'https://insight.adsrvr.org',
+                'https://*.adsrvr.org',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                // This is a CDN for adobe tag manager
+                'https://assets.adobedtm.com',
+                'https://js.adsrvr.org',
+                'https://insight.adsrvr.org',
+                'https://*.adsrvr.org',
+            ]);
+    }
+}
diff --git a/src/Fragments/Dynatrace.php b/src/Fragments/Dynatrace.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a Dynatrace
+ */
+class Dynatrace implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::CONNECT, [
+                'https://*.dynatrace.com',
+                'https://*.bf.dynatrace.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://*.dynatrace.com',
+            ])
+            ->addDirective(Directive::SCRIPT, [
+                'https://js-cdn.dynatrace.com',
+                'https://*.dynatrace.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/FacebookPixel.php b/src/Fragments/FacebookPixel.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a Facebook pixel related resources
+ */
+class FacebookPixel implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                'https://connect.facebook.net',
+                'https://www.facebook.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://connect.facebook.net',
+                'https://www.facebook.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                'https://connect.facebook.net',
+                'https://www.facebook.com',
+                'https://www.instagram.com',
+            ])
+            ->addDirective(Directive::FRAME, [
+                'https://www.facebook.com',
+            ])
+            ->addDirective(Directive::FORM_ACTION, [
+                'https://www.facebook.com/tr/',
+            ])
+            ->addDirective(Directive::IMG, [
+                'https://connect.facebook.net',
+                'https://www.facebook.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/GoogleAnalytics.php b/src/Fragments/GoogleAnalytics.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a Google analytics related resources
+ */
+class GoogleAnalytics implements Fragment
+{
+
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                'https://*.google-analytics.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://*.google-analytics.com',
+                'https://*.googletagmanager.com',
+                'https://www.googleadservices.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                'https://*.google-analytics.com',
+                'https://*.analytics.google.com',
+                'https://*.googletagmanager.com',
+                'https://www.google.co.nz/ads/ga-audiences',
+                'https://google.com',
+                'https://*.google.com',
+                'https://www.google.com.au',
+                'https://www.googleadservices.com',
+                'https://*.googleapis.com',
+            ])
+            ->addDirective(Directive::IMG, [
+                'https://*.google-analytics.com',
+                'https://*.googletagmanager.com',
+            ]);
+    }
+
+}
diff --git a/src/Fragments/GoogleRecaptcha.php b/src/Fragments/GoogleRecaptcha.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a Google Recaptcha related resources
+ */
+class GoogleRecaptcha implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                '*.google.com',
+                'https://*.gstatic.com',
+                'https://googleads.g.doubleclick.net',
+                'https://*.googlesyndication.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                '*.google.com',
+                'https://*.gstatic.com',
+                'https://googleads.g.doubleclick.net',
+                'https://*.googlesyndication.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/JQuery.php b/src/Fragments/JQuery.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a jQuery CDN
+ */
+class JQuery implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                // This is a CDN for jQuery used from userforms
+                'https://code.jquery.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                // This is a CDN for jQuery used from userforms
+                'https://code.jquery.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/LinkedIn.php b/src/Fragments/LinkedIn.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a LinkedIn related assets
+ */
+class LinkedIn implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                'https://*.licdn.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://*.licdn.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                'https://*.linkedin.oribi.io',
+                'https://*.linkedin.com',
+            ])
+            ->addDirective(Directive::IMG, [
+                'https://*.linkedin.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/QualtricsSurvey.php b/src/Fragments/QualtricsSurvey.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a qualtrics survey
+ */
+class QualtricsSurvey implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT, [
+                'https://*.qualtrics.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                'https://*.qualtrics.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://*.qualtrics.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/TikTokPixel.php b/src/Fragments/TikTokPixel.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a TikTok Pixel.
+ */
+class TikTokPixel implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::FRAME, [
+                'bytedance:',
+                'sslocal:',
+            ])
+            ->addDirective(Directive::SCRIPT, [
+                'https://analytics.tiktok.com',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://analytics.tiktok.com',
+            ])
+            ->addDirective(Directive::CONNECT, [
+                'https://analytics.tiktok.com',
+            ])
+            ->addDirective(Directive::IMG, [
+                'https://analytics.tiktok.com',
+            ]);
+    }
+}
diff --git a/src/Fragments/Vimeo.php b/src/Fragments/Vimeo.php
@@ -3,6 +3,7 @@
 namespace Silverstripe\CSP\Fragments;
 
 use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Keyword;
 use Silverstripe\CSP\Policies\Policy;
 
 /**
@@ -16,6 +17,14 @@ public static function addTo(Policy $policy): void
             // We want to allow scripts loaded from here as they recommend using their embed player
             ->addDirective(Directive::SCRIPT, 'player.vimeo.com')
             ->addDirective(Directive::FRAME, "player.vimeo.com")
-            ->addDirective(Directive::CHILD, "player.vimeo.com");
+            ->addDirective(Directive::CHILD, [
+                Keyword::SELF,
+                'player.vimeo.com'
+            ])
+            ->addDirective(Directive::WORKER, [
+                Keyword::SELF,
+                'player.vimeo.com',
+                'blob:',
+            ]);
     }
 }
diff --git a/src/Fragments/WomensRefugeShield.php b/src/Fragments/WomensRefugeShield.php
@@ -25,6 +25,9 @@ public static function addTo(Policy $policy): void
             ])
             ->addDirective(Directive::FRAME, [
                 'staticcdn.co.nz',
+            ])
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'staticcdn.co.nz',
             ]);
     }
 }
diff --git a/src/Fragments/ZScalerThree.php b/src/Fragments/ZScalerThree.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Silverstripe\CSP\Fragments;
+
+use Silverstripe\CSP\Directive;
+use Silverstripe\CSP\Fragments\Fragment;
+use Silverstripe\CSP\Policies\Policy;
+
+/**
+ * This allows you to have a ZScalerThree host
+ */
+class ZScalerThree implements Fragment
+{
+    public static function addTo(Policy $policy): void
+    {
+        $policy
+            ->addDirective(Directive::SCRIPT_ELEM, [
+                'https://*.zscalerthree.net',
+                'https://gateway.zscalerthree.net',
+            ])
+            ->addDirective(Directive::FRAME, [
+                'https://*.zscalerthree.net',
+                'https://gateway.zscalerthree.net',
+                'https://gateway.zscalertwo.net',
+                'https://gateway.zscaler.net',
+            ]);
+    }
+}
