improve naming

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to `laravel-csp` will be documented in this file
 
+## 1.0.1 - 2018-02-20
+
+- fix naming of classes
+
 ## 1.0.0 - 2018-02-20
+**BROKEN VERSION, DO NOT USE**
 
 - initial release

README.md

@@ -34,22 +34,22 @@ This is the contents of the file which will be published at `config/csp.php`:
 return [
 
     /*
-     * A CSP profile will determine which CSP headers will be set. A valid CSP profile is
-     * any class that extends `Spatie\Csp\Profiles\Profile`
+     * A policy will determine which CSP headers will be set. A valid CSP policy is
+     * any class that extends `Spatie\Csp\Policies\Policy`
      */
-    'profile' => Spatie\Csp\Profiles\Basic::class,
+    'policy' => Spatie\Csp\Policies\Basic::class,
 
     /*
-     * This profile which will be put in report only mode. This is great for testing out
-     * a new profile or changes to existing csp policy without breaking anyting.
+     * This policy which will be put in report only mode. This is great for testing out
+     * a new policy or changes to existing csp policy without breaking anyting.
      */
-    'report_only_profile' => '',
+    'report_only_policy' => '',
 
     /*
-     * All violations against the CSP policy will be reported to this url.
+     * All violations against the policy will be reported to this url.
      * A great service you could use for this is https://report-uri.com/
      *
-     * You can override this setting by calling `reportTo` on your profile.
+     * You can override this setting by calling `reportTo` on your policy.
      */
     'report_uri' => env('CSP_REPORT_URI', ''),
 
@@ -86,40 +86,40 @@ Alternatively you can apply the middleware on the route or route group level.
 Route::get('my-page', 'MyController')->middleware(Spatie\Csp\AddCspHeaders::class);
 ```
 
-You can also pass a profile class as a parameter to the middleware:
+You can also pass a policy class as a parameter to the middleware:
 
 ```php
 // in a routes file
-Route::get('my-page', 'MyController')->middleware(Spatie\Csp\AddCspHeaders::class . ':' . MyProfile::class);
+Route::get('my-page', 'MyController')->middleware(Spatie\Csp\AddCspHeaders::class . ':' . MyPolicy::class);
 ``` 
 
-The given profile will override the one configured in the config file for that specific route or group of routes.
+The given policy will override the one configured in the config file for that specific route or group of routes.
 
 ## Usage
 
-This package allows you to define CSP profiles. A CSP profile determines which CSP directives will be set in the headers of the response. 
+This package allows you to define CSP policies. A CSP policy determines which CSP directives will be set in the headers of the response. 
 
 An example of a CSP directive is `script-src`. If this has the value `'self' www.google.com` then your site can only load scripts from it's own domain of `www.google.com`. You'll find [a list with all CSP directives](https://www.w3.org/TR/CSP3/#csp-directives) at Mozilla's excellent developer site.
 
 According to the spec certain directive values need to be surrounded by quotes. Examples of this are `'self'`, `'none'` and `'unsafe-inline'`. When using `addDirective` function you're not required to surround the directive value with quotes manually. We will automatically add quotes.
 
 ```php
-// in a profile
+// in a policy
 ...
    ->addDirective(Directive::SCRIPT, 'self') // will output `'self'` when outputting headers
 ...
 ```
 
-### Creating profiles
+### Creating policies
 
-In the `profile` key of the `csp` config file is set to `\Spatie\Csp\Profiles\Basic::class` by default. This class allows your site to only use images, scripts, form actions of your own site. This is how the class looks like.
+In the `policy` key of the `csp` config file is set to `\Spatie\Csp\Policies\Basic::class` by default. This class allows your site to only use images, scripts, form actions of your own site. This is how the class looks like.
 
 ```php
-namespace Spatie\Csp\Profiles;
+namespace Spatie\Csp\Policies;
 
 use Spatie\Csp\Directive;
 
-class Basic extends Profile
+class Basic extends Policy
 {
     public function configure()
     {
@@ -141,12 +141,12 @@ class Basic extends Profile
 You can allow fetching scripts from `www.google.com` by extending this class:
 
 ```php
-namespace App\Services\CspProfiles;
+namespace App\Services\CspPolicys;
 
 use Spatie\Csp\Directive;
-use Spatie\Csp\Profiles\Profile;
+use Spatie\Csp\Policies\Policy;
 
-class MyCustomProfile extends Profile
+class MyCustomPolicy extends Policy
 {
     public function configure()
     {
@@ -157,16 +157,16 @@ class MyCustomProfile extends Profile
 }
 ```
 
-Don't forget to set the `profile` key in the `csp` config file to the class name of your profile (in this case it would be `App\Services\CspProfiles\MyCustomProfile`).
+Don't forget to set the `policy` key in the `csp` config file to the class name of your policy (in this case it would be `App\Services\CspPolicys\MyCustomPolicy`).
 
 ### Using inline scripts and styles
 
 When using CSP you must specifically allow the use of inline scripts or styles. The recommended way of doing that with this package is to use a `nonce`. A nonce is a number that iss unique per request. The nonce must be specified in the CSP headers and in an attribute on the html tag. This way an attacker has no way of injecting malicious scripts or styles.
 
-First you must add the nonce to the right directives in your profile:
+First you must add the nonce to the right directives in your policy:
 
 ```php
-// in a profile
+// in a policy
 
 public function configure()
   {
@@ -199,9 +199,9 @@ There are few other options to use inline styles and scripts. Take a look at the
 
 #### In the browser
 
-Instead of outright blocking all violations you can put a profile in report only mode. In this case all requests will be made, but all violations will display in your favourite browser's console.
+Instead of outright blocking all violations you can put a policy in report only mode. In this case all requests will be made, but all violations will display in your favourite browser's console.
 
-To put a profile in report only mode just call `reportOnly()` in the `configure()` function of a report:
+To put a policy in report only mode just call `reportOnly()` in the `configure()` function of a report:
 
 ```php
     public function configure()
@@ -216,9 +216,9 @@ To put a profile in report only mode just call `reportOnly()` in the `configure(
 
 Any violations against to the policy can be reported to a given url. You can set that url in the `report_uri` key of the `csp` config file. A great service that is specifically built for handling these violation reports is [http://report-uri.io/](http://report-uri.io/). 
 
-#### Using multiple profiles
+#### Using multiple policies
 
-To test changes to your CSP policy you can specify a second profile in the `report_only_profile` in the `csp` config key. The profile specified in `profile` will be enforced, the one in `report_only_profile` will not. This is great for testing a new profile or changes to existing CSP policy without breaking anything.
+To test changes to your CSP policy you can specify a second policy in the `report_only_policy` in the `csp` config key. The policy specified in `policy` will be enforced, the one in `report_only_policy` will not. This is great for testing a new policy or changes to existing CSP policy without breaking anything.
 
 ### Testing
 

config/csp.php

@@ -3,22 +3,22 @@
 return [
 
     /*
-     * A CSP profile will determine which CSP headers will be set. A valid CSP profile is
-     * any class that extends `Spatie\Csp\Profiles\Profile`
+     * A policy will determine which CSP headers will be set. A valid CSP policy is
+     * any class that extends `Spatie\Csp\Policies\Policy`
      */
-    'profile' => Spatie\Csp\Profiles\Basic::class,
+    'policy' => Spatie\Csp\Policies\Basic::class,
 
     /*
-     * This profile which will be put in report only mode. This is great for testing out
-     * a new profile or changes to existing csp policy without breaking anyting.
+     * This policy which will be put in report only mode. This is great for testing out
+     * a new policy or changes to existing csp policy without breaking anyting.
      */
-    'report_only_profile' => '',
+    'report_only_policy' => '',
 
     /*
-     * All violations against the CSP policy will be reported to this url.
+     * All violations against the policy will be reported to this url.
      * A great service you could use for this is https://report-uri.com/
      *
-     * You can override this setting by calling `reportTo` on your profile.
+     * You can override this setting by calling `reportTo` on your policy.
      */
     'report_uri' => env('CSP_REPORT_URI', ''),
 

src/AddCspHeaders.php

@@ -8,44 +8,44 @@
 
 class AddCspHeaders
 {
-    public function handle(Request $request, Closure $next, $customProfileClass = null)
+    public function handle(Request $request, Closure $next, $customPolicyClass = null)
     {
         $response = $next($request);
 
         $this
-            ->getProfiles($customProfileClass, $response)
+            ->getPolicys($customPolicyClass, $response)
             ->filter->shouldBeApplied($request, $response)
             ->each->applyTo($response);
 
         return $response;
     }
 
-    protected function getProfiles(string $customProfileClass = null): Collection
+    protected function getPolicys(string $customPolicyClass = null): Collection
     {
-        $profiles = collect();
+        $policys = collect();
 
-        if ($customProfileClass) {
-            $profiles->push(ProfileFactory::create($customProfileClass));
+        if ($customPolicyClass) {
+            $policys->push(PolicyFactory::create($customPolicyClass));
 
-            return $profiles;
+            return $policys;
         }
 
-        $profileClass = config('csp.profile');
+        $policyClass = config('csp.policy');
 
-        if (! empty($profileClass)) {
-            $profiles->push(ProfileFactory::create($profileClass));
+        if (! empty($policyClass)) {
+            $policys->push(PolicyFactory::create($policyClass));
         }
 
-        $reportOnlyProfileClass = config('csp.report_only_profile');
+        $reportOnlyPolicyClass = config('csp.report_only_policy');
 
-        if (! empty($reportOnlyProfileClass)) {
-            $profile = ProfileFactory::create($reportOnlyProfileClass);
+        if (! empty($reportOnlyPolicyClass)) {
+            $policy = PolicyFactory::create($reportOnlyPolicyClass);
 
-            $profile->reportOnly();
+            $policy->reportOnly();
 
-            $profiles->push($profile);
+            $policys->push($policy);
         }
 
-        return $profiles;
+        return $policys;
     }
 }

src/Exceptions/InvalidCspPolicy.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Spatie\Csp\Exceptions;
+
+use Exception;
+use Spatie\Csp\Policies\Policy;
+
+class InvalidCspPolicy extends Exception
+{
+    public static function create($class): self
+    {
+        $className = get_class($class);
+
+        return new self("The CSP class `{$className}` is not valid. A valid policy extends ".Policy::class);
+    }
+}

src/PolicyFactory.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Spatie\Csp;
+
+use Spatie\Csp\Policies\Policy;
+use Spatie\Csp\Exceptions\InvalidCspPolicy;
+
+class PolicyFactory
+{
+    public static function create(string $className): Policy
+    {
+        $policy = app($className);
+
+        if (! is_a($policy, Policy::class, true)) {
+            throw InvalidCspPolicy::create($policy);
+        }
+
+        if (! empty(config('csp.report_uri'))) {
+            $policy->reportTo(config('csp.report_uri'));
+        }
+
+        return $policy;
+    }
+}

src/Profiles/Basic.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace Spatie\Csp\Profiles;
+namespace Spatie\Csp\Policies;
 
 use Spatie\Csp\Directive;
 
-class Basic extends Profile
+class Basic extends Policy
 {
     public function configure()
     {

src/Profiles/Profile.php → src/Profiles/Policy.php

@@ -1,13 +1,13 @@
 <?php
 
-namespace Spatie\Csp\Profiles;
+namespace Spatie\Csp\Policies;
 
 use Spatie\Csp\Directive;
 use Illuminate\Http\Request;
 use Spatie\Csp\Exceptions\InvalidDirective;
 use Symfony\Component\HttpFoundation\Response;
 
-abstract class Profile
+abstract class Policy
 {
     protected $directives = [];
 
@@ -19,7 +19,7 @@ abstract public function configure();
      * @param string $directive
      * @param string|array $values
      *
-     * @return \Spatie\Csp\Profiles\Profile
+     * @return \Spatie\Csp\Policies\Policy
      *
      * @throws \Spatie\Csp\Exceptions\InvalidDirective
      */