Merge branch 'AC-13547-2.4-develop' into AC-13833-AC-13547

# Conflicts:
#	app/code/Magento/Csp/etc/di.xml

Author: dvoskoboinikov

app/code/Magento/Csp/Model/SubresourceIntegrity/SriEnabledActions.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright 2024 Adobe.
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model\SubresourceIntegrity;
+
+/**
+ * Defines which payment page actions can add SRI attributes
+ */
+class SriEnabledActions
+{
+    /**
+     * @var array $paymentActions
+     */
+    private array $paymentActions;
+
+    /**
+     * @param array $paymentActions
+     */
+    public function __construct(
+        array $paymentActions = []
+    ) {
+        $this->paymentActions = $paymentActions;
+    }
+
+    /**
+     * Check if action is for payment page on storefront or admin
+     *
+     * @param string $actionName
+     * @return bool
+     */
+    public function isPaymentPageAction(string $actionName): bool
+    {
+        return in_array(
+            $actionName,
+            $this->paymentActions
+        );
+    }
+}

app/code/Magento/Csp/Plugin/AddDefaultPropertiesToGroupPlugin.php

@@ -1,18 +1,22 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2024 Adobe.
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
 namespace Magento\Csp\Plugin;
 
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\State;
 use Magento\Deploy\Package\Package;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\View\Asset\AssetInterface;
 use Magento\Framework\View\Asset\LocalInterface;
 use Magento\Framework\View\Asset\GroupedCollection;
 use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
+use Magento\Framework\App\Request\Http;
+use Magento\Csp\Model\SubresourceIntegrity\SriEnabledActions;
 
 /**
  * Plugin to add integrity to assets on page load.
@@ -29,16 +33,32 @@ class AddDefaultPropertiesToGroupPlugin
      */
     private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
 
+    /**
+     * @var Http
+     */
+    private Http $request;
+
+    /**
+     * @var SriEnabledActions
+     */
+    private SriEnabledActions $action;
+
     /**
      * @param State $state
      * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+     * @param Http|null $request
+     * @param SriEnabledActions|null $action
      */
     public function __construct(
         State $state,
-        SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+        SubresourceIntegrityRepositoryPool $integrityRepositoryPool,
+        ?Http $request = null,
+        ?SriEnabledActions $action = null
     ) {
         $this->state = $state;
         $this->integrityRepositoryPool = $integrityRepositoryPool;
+        $this->request = $request ?? ObjectManager::getInstance()->get(Http::class);
+        $this->action = $action ?? ObjectManager::getInstance()->get(SriEnabledActions::class);
     }
 
     /**
@@ -49,13 +69,14 @@ public function __construct(
      * @param array $properties
      * @return array
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * @throws LocalizedException
      */
     public function beforeGetFilteredProperties(
         GroupedCollection $subject,
         AssetInterface $asset,
         array $properties = []
     ): array {
-        if ($asset instanceof LocalInterface) {
+        if ($this->canExecute($asset)) {
             $integrityRepository = $this->integrityRepositoryPool->get(
                 Package::BASE_AREA
             );
@@ -78,4 +99,18 @@ public function beforeGetFilteredProperties(
 
         return [$asset, $properties];
     }
+
+    /**
+     * Check if beforeGetFilteredProperties plugin should execute
+     *
+     * @param AssetInterface $asset
+     * @return bool
+     */
+    private function canExecute(AssetInterface $asset): bool
+    {
+        return $asset instanceof LocalInterface &&
+            $this->action->isPaymentPageAction(
+                $this->request->getFullActionName()
+            );
+    }
 }

app/code/Magento/Csp/Test/Unit/Plugin/AddDefaultPropertiesToGroupPluginTest.php

@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2024 Adobe.
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -10,12 +10,15 @@
 use Magento\Csp\Model\SubresourceIntegrity;
 use Magento\Csp\Model\SubresourceIntegrityRepository;
 use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
+use Magento\Framework\Exception\LocalizedException;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Magento\Csp\Plugin\AddDefaultPropertiesToGroupPlugin;
 use Magento\Framework\View\Asset\File;
 use Magento\Framework\View\Asset\GroupedCollection;
 use Magento\Framework\App\State;
+use Magento\Framework\App\Request\Http;
+use Magento\Csp\Model\SubresourceIntegrity\SriEnabledActions;
 
 /**
  * Test for class Magento\Csp\Plugin\AddDefaultPropertiesToGroupPlugin
@@ -39,6 +42,16 @@ class AddDefaultPropertiesToGroupPluginTest extends TestCase
      */
     private MockObject $stateMock;
 
+    /**
+     * @var MockObject
+     */
+    private MockObject $httpMock;
+
+    /**
+     * @var MockObject
+     */
+    private MockObject $sriEnabledActionsMock;
+
     /**
      * @var AddDefaultPropertiesToGroupPlugin
      */
@@ -64,19 +77,33 @@ protected function setUp(): void
             ->disableOriginalConstructor()
             ->onlyMethods(['getAreaCode'])
             ->getMock();
+        $this->httpMock = $this->getMockBuilder(Http::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['getFullActionName'])
+            ->getMock();
+        $this->sriEnabledActionsMock = $this->getMockBuilder(SriEnabledActions::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['isPaymentPageAction'])
+            ->getMock();
         $this->plugin = new AddDefaultPropertiesToGroupPlugin(
             $this->stateMock,
-            $this->integrityRepositoryPoolMock
+            $this->integrityRepositoryPoolMock,
+            $this->httpMock,
+            $this->sriEnabledActionsMock
         );
     }
 
     /**
      * Test for plugin with Js assets
      *
      * @return void
+     * @throws LocalizedException
      */
     public function testBeforeGetFilteredProperties(): void
     {
+        $actionName = "sales_order_create_index";
+        $this->sriEnabledActionsMock->expects($this->once())->method('isPaymentPageAction')->willReturn(true);
+        $this->httpMock->expects($this->once())->method('getFullActionName')->willReturn($actionName);
         $integrityRepositoryMock = $this->getMockBuilder(SubresourceIntegrityRepository::class)
             ->disableOriginalConstructor()
             ->onlyMethods(['getByPath'])

app/code/Magento/Csp/etc/di.xml

@@ -134,5 +134,16 @@
             <argument name="driver" xsi:type="object">Magento\Framework\Filesystem\Driver\File</argument>
         </arguments>
     </type>
+    <type name="Magento\Csp\Model\SubresourceIntegrity\SriEnabledActions">
+        <arguments>
+            <argument name="paymentActions" xsi:type="array">
+                <item name="sales_order_create_index" xsi:type="string">sales_order_create_index</item>
+                <item name="sales_order_create_load_block" xsi:type="string">sales_order_create_loadBlock</item>
+                <item name="checkout_index_index" xsi:type="string">checkout_index_index</item>
+                <item name="checkout_onepage_success" xsi:type="string">checkout_onepage_success</item>
+                <item name="multishipping_checkout_billing" xsi:type="string">multishipping_checkout_billing</item>
+            </argument>
+        </arguments>
+    </type>
     <preference for="Magento\Csp\Model\SubresourceIntegrity\StorageInterface" type="Magento\Csp\Model\SubresourceIntegrity\Storage\File" />
 </config>

app/code/Magento/Csp/view/frontend/layout/multishipping_checkout.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<!--
+ /**
+  * Copyright 2024 Adobe
+  * All Rights Reserved.
+  */
+-->
+<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
+    <head>
+        <link src="Magento_Csp::js/sri.js"/>
+    </head>
+    <body>
+        <referenceBlock name="head.additional">
+            <block class="Magento\Csp\Block\Sri\Hashes" name="csp.sri.hashes" template="Magento_Csp::sri/hashes.phtml"/>
+        </referenceBlock>
+    </body>
+</page>