AC-10686: [PCI] SRI enabled on payment pages

dvoskoboinikov · dvoskoboinikov · commit 19333c0d5e83 · 2024-02-26T13:07:19.000-06:00
diff --git a/app/code/Magento/Csp/Block/Sri/Hashes.php b/app/code/Magento/Csp/Block/Sri/Hashes.php
@@ -7,6 +7,7 @@
 
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\View\Element\Template;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Serialize\SerializerInterface;
 use Magento\Framework\View\Element\Template\Context;
 use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
@@ -50,7 +51,9 @@ public function __construct(
     }
 
     /**
-     * Retrieve serialized integrity hashes.
+     * Retrieves integrity hashes in serialized format.
+     *
+     * @throws LocalizedException
      *
      * @return string
      */
@@ -59,7 +62,7 @@ public function getSerialized(): string
         $result = [];
 
         $integrityRepository = $this->integrityRepositoryPool->get(
-            $this->getRequest()->getFullActionName()
+            $this->_appState->getAreaCode()
         );
 
         foreach ($integrityRepository->getAll() as $integrity) {
diff --git a/app/code/Magento/Csp/Model/Collector/SubresourceIntegrityCollector.php b/app/code/Magento/Csp/Model/Collector/SubresourceIntegrityCollector.php
diff --git a/app/code/Magento/Csp/Plugin/AddDefaultPropertiesToGroupPlugin.php b/app/code/Magento/Csp/Plugin/AddDefaultPropertiesToGroupPlugin.php
@@ -7,7 +7,7 @@
 
 namespace Magento\Csp\Plugin;
 
-use Magento\Framework\App\Request\Http;
+use Magento\Framework\App\State;
 use Magento\Framework\View\Asset\AssetInterface;
 use Magento\Framework\View\Asset\GroupedCollection;
 use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
@@ -18,24 +18,24 @@
 class AddDefaultPropertiesToGroupPlugin
 {
     /**
-     * @var Http
+     * @var State
      */
-    private Http $request;
+    private State $state;
 
     /**
      * @var SubresourceIntegrityRepositoryPool
      */
     private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
 
     /**
-     * @param Http $request
+     * @param State $state
      * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
      */
     public function __construct(
-        Http $request,
+        State $state,
         SubresourceIntegrityRepositoryPool $integrityRepositoryPool
     ) {
-        $this->request = $request;
+        $this->state = $state;
         $this->integrityRepositoryPool = $integrityRepositoryPool;
     }
 
@@ -54,7 +54,7 @@ public function beforeGetFilteredProperties(
         array $properties = []
     ): array {
         $integrityRepository = $this->integrityRepositoryPool->get(
-            $this->request->getFullActionName()
+            $this->state->getAreaCode()
         );
 
         $integrity = $integrityRepository->getByUrl($asset->getUrl());
diff --git a/app/code/Magento/Csp/Plugin/GenerateAssetIntegrity.php b/app/code/Magento/Csp/Plugin/GenerateAssetIntegrity.php
@@ -12,7 +12,6 @@
 use Magento\Framework\App\View\Asset\Publisher;
 use Magento\Framework\View\Asset\LocalInterface;
 use Magento\Framework\View\Asset\AssetInterface;
-use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Csp\Model\SubresourceIntegrityFactory;
 use Magento\Csp\Model\SubresourceIntegrity\HashGenerator;
 use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
@@ -29,11 +28,6 @@ class GenerateAssetIntegrity
      */
     private const CONTENT_TYPES = ["js"];
 
-    /**
-     * @var ScopeConfigInterface
-     */
-    private ScopeConfigInterface $config;
-
     /**
      * @var HashGenerator
      */
@@ -50,18 +44,15 @@ class GenerateAssetIntegrity
     private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
 
     /**
-     * @param ScopeConfigInterface $config
      * @param HashGenerator $hashGenerator
      * @param SubresourceIntegrityFactory $integrityFactory
      * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
      */
     public function __construct(
-        ScopeConfigInterface $config,
         HashGenerator $hashGenerator,
         SubresourceIntegrityFactory $integrityFactory,
         SubresourceIntegrityRepositoryPool $integrityRepositoryPool
     ) {
-        $this->config = $config;
         $this->hashGenerator = $hashGenerator;
         $this->integrityFactory = $integrityFactory;
         $this->integrityRepositoryPool = $integrityRepositoryPool;
@@ -124,28 +115,23 @@ public function afterCreateRequireJsConfigAsset(
      */
     private function generateIntegrity(LocalInterface $asset): void
     {
-        $assetsCoveredBySri = $this->config->getValue(
-            "csp/sri/covered_assets"
+        $integrity = $this->integrityFactory->create(
+            [
+                "data" => [
+                    'hash' => $this->hashGenerator->generate(
+                        $asset->getContent()
+                    ),
+                    'url' => $asset->getUrl()
+                ]
+            ]
         );
 
-        foreach ($assetsCoveredBySri ?: [] as $action => $patterns) {
-            foreach ($patterns as $pattern) {
-                if (preg_match("/" . $pattern . "/", $asset->getUrl())) {
-                    $integrity = $this->integrityFactory->create(
-                        [
-                            "data" => [
-                                'hash' => $this->hashGenerator->generate(
-                                    $asset->getContent()
-                                ),
-                                'url' => $asset->getUrl()
-                            ]
-                        ]
-                    );
+        $area = explode(
+            "/",
+            parse_url($asset->getUrl(), PHP_URL_PATH)
+        )[3];
 
-                    $this->integrityRepositoryPool->get($action)
-                        ->save($integrity);
-                }
-            }
-        }
+        $this->integrityRepositoryPool->get($area)
+            ->save($integrity);
     }
 }
diff --git a/app/code/Magento/Csp/etc/di.xml b/app/code/Magento/Csp/etc/di.xml
@@ -33,7 +33,6 @@
                 <item name="whitelist" xsi:type="object" sortOrder="2">Magento\Csp\Model\Collector\CspWhitelistXmlCollector\Proxy</item>
                 <item name="controller" xsi:type="object" sortOrder="100">Magento\Csp\Model\Collector\ControllerCollector\Proxy</item>
                 <item name="dynamic" xsi:type="object" sortOrder="3">Magento\Csp\Model\Collector\DynamicCollector\Proxy</item>
-                <item name="sri" xsi:type="object" sortOrder="2">Magento\Csp\Model\Collector\SubresourceIntegrityCollector\Proxy</item>
             </argument>
             <argument name="mergers" xsi:type="array">
                 <item name="composite" xsi:type="object">Magento\Csp\Model\Collector\MergerInterface</item>
diff --git a/app/code/Magento/Sales/etc/config.xml b/app/code/Magento/Sales/etc/config.xml
@@ -127,17 +127,5 @@
               <email_required_create_order>1</email_required_create_order>
           </create_account>
         </customer>
-        <csp>
-            <sri>
-                <covered_assets>
-                    <checkout_index_index>
-                        <require_js>.*\/frontend\/Magento\/luma\/[a-z]{2}_[A-Z]{2}\/requirejs\/require.js</require_js>
-                        <mixins_js>.*\/frontend\/Magento\/luma\/[a-z]{2}_[A-Z]{2}\/mage\/requirejs\/mixins.js</mixins_js>
-                        <requirejs_config_js>.*\/frontend\/Magento\/luma\/[a-z]{2}_[A-Z]{2}\/requirejs-config.js</requirejs_config_js>
-                        <sri_js>.*\/frontend\/Magento\/luma\/[a-z]{2}_[A-Z]{2}\/Magento_Csp\/js\/sri.js</sri_js>
-                    </checkout_index_index>
-                </covered_assets>
-            </sri>
-        </csp>
     </default>
 </config>
