X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FContentSecurityPolicy.php;h=be598eae8314cf47d0762d9a86402dbdc9baa8ed;hp=62160461c9f0735fc7e01620a9c27a6b9504b22a;hb=e73328601d51674e8fef89c3db12b30ceafd702f;hpb=97af92da48f0d434cf4b541e7a3f2d96619a95b2
diff --git a/includes/ContentSecurityPolicy.php b/includes/ContentSecurityPolicy.php
index 62160461c9..be598eae83 100644
--- a/includes/ContentSecurityPolicy.php
+++ b/includes/ContentSecurityPolicy.php
@@ -98,11 +98,14 @@ class ContentSecurityPolicy {
 *
 * @param int $reportOnly Either self::REPORT_ONLY_MODE or self::FULL_MODE
 * @return string Name of http header
+ * @throws UnexpectedValueException
 */
 private function getHeaderName( $reportOnly ) {
 if ( $reportOnly === self::REPORT_ONLY_MODE ) {
 return 'Content-Security-Policy-Report-Only';
- } elseif ( $reportOnly === self::FULL_MODE ) {
+ }
+
+ if ( $reportOnly === self::FULL_MODE ) {
 return 'Content-Security-Policy';
 }
 throw new UnexpectedValueException( $reportOnly );
@@ -111,7 +114,8 @@ class ContentSecurityPolicy {
 /**
 * Determine what CSP policies to set for this page
 *
- * @param array|bool $config Policy configuration (Either $wgCSPHeader or $wgCSPReportOnlyHeader)
+ * @param array|bool $policyConfig Policy configuration
+ * (Either $wgCSPHeader or $wgCSPReportOnlyHeader)
 * @param int $mode self::REPORT_ONLY_MODE, self::FULL_MODE
 * @return string Policy directives, or empty string for no policy.
 */
@@ -152,8 +156,8 @@ class ContentSecurityPolicy {
 }
 }
 // Note: default on if unspecified.
- if ( ( !isset( $policyConfig['unsafeFallback'] )
- || $policyConfig['unsafeFallback'] )
+ if ( !isset( $policyConfig['unsafeFallback'] )
+ || $policyConfig['unsafeFallback']
 ) {
 // unsafe-inline should be ignored on browsers
 // that support 'nonce-foo' sources.
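Review bot: The last line of the first hunk, `throw new UnexpectedValueException( $reportOnly );`, passes the raw mode value as the exception message, so a log entry for a misconfigured CSP mode would contain only a bare number and no indication of which check failed. The newly added `@throws` tag documents the exception but not its cause. A descriptive message would make a missing CSP header easier to trace, for example `throw new UnexpectedValueException( "Invalid CSP mode: $reportOnly" );`. Passing an int where the constructor expects a string message also relies on scalar coercion, which would become a TypeError if the file ever declares strict types (the file header is not visible here). The closing brace of getHeaderName lies outside the hunk.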
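Review bot: In the third hunk the comment `// Note: default on if unspecified.` does not say what the `unsafeFallback` default costs. Judging from the two comment lines that follow, the branch adds an 'unsafe-inline' source, which nonce-aware browsers ignore but which leaves inline scripts unrestricted on browsers without nonce support. I would extend the comment to something like `// Default on: browsers without nonce support fall back to 'unsafe-inline' (no inline-script restriction there); set unsafeFallback to false to opt out.` As a smaller style point, if the supported PHP version has the null-coalescing operator, the two-line condition reduces to `if ( $policyConfig['unsafeFallback'] ?? true ) {` with the same result for unset and null values. The body of this `if` continues outside the hunk, so the exact directive it emits should be confirmed there.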