Remove the hash- prefix

paragonie · Jan 29, 2016 · 801c8b1 · 801c8b1
1 parent e2d4cc7
commit 801c8b1
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/src/CSPBuilder.php b/src/CSPBuilder.php
@@ -456,7 +456,7 @@ protected function compileSubgroup($directive, $policies = null)
             foreach ($policies['hashes'] as $hash) {
                 foreach ($hash as $algo => $hashval) {
                     $ret .= \implode('', [
-                        "'hash-",
+                        "'",
                         \preg_replace('/[^A-Za-z0-9]/', '', $algo),
                         '-',
                         \preg_replace('/[^A-Za-z0-9_\+\.\/=]/', '', $hashval),

diff --git a/test/vectors/basic-csp-hash.out b/test/vectors/basic-csp-hash.out
@@ -1 +1 @@
-base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'hash-sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng=' 'hash-sha384-YlVjjxmBPFrOTrK8RYTXMzr_Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM_'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
+base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng=' 'sha384-YlVjjxmBPFrOTrK8RYTXMzr_Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM_'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
diff --git a/test/vectors/basic-csp-no-old.out b/test/vectors/basic-csp-no-old.out
@@ -1 +1 @@
-base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'hash-sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
+base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
diff --git a/test/vectors/basic-csp.out b/test/vectors/basic-csp.out
@@ -1 +1 @@
-base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' https://ytimg.com ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'hash-sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
+base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' https://ytimg.com ytimg.com data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng='; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'hash-sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng=' 'hash-sha384-YlVjjxmBPFrOTrK8RYTXMzr_Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM_'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests
		base-uri 'self'; default-src 'self'; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-uri 'self'; font-uri 'self'; form-action 'self' https://example.com; frame-ancestors 'none'; img-src 'self' data:; media-src 'none'; object-src 'none'; plugin-types 'none'; script-src 'self' https://ajax.googleapis.com https://cdn.mathjax.org https://oss.maxcdn.com https://www.google-analytics.com 'sha256-qznLcsROx4GACP2dm0UCKCzCGHiZ1guq6ZZDob_Tng=' 'sha384-YlVjjxmBPFrOTrK8RYTXMzr_Pt2Tyv2yi4yMalWlUERx821L2qJpIJNvAnO6ouM_'; style-src 'self'; report-uri /csp_violation; upgrade-insecure-requests