*/

declare(strict_types=1);

namespace oat\ltiDeliveryProvider\model\session\DataAccess\Factory;

use common_http_Request as Request;
use oat\tao\model\security\Business\Contract\SecuritySettingsRepositoryInterface;
use oat\tao\model\service\InjectionAwareService;
use oat\tao\model\session\Business\Contract\SessionCookieAttributesFactoryInterface;
use oat\tao\model\session\Business\Domain\SessionCookieAttribute;
use oat\tao\model\session\Business\Domain\SessionCookieAttributeCollection;
use oat\taoLti\models\classes\LtiLaunchData;

/**
 * Wraps another session-cookie attribute factory and relaxes the cookie's
 * SameSite attribute to "None" for LTI launches.
 *
 * LTI launches are commonly embedded in an iframe on the platform (LMS)
 * origin, where the session cookie has to travel on a cross-site request.
 * The relaxation is applied only when BOTH conditions hold:
 *   - the current request carries LTI launch data (LTI_VERSION is present), and
 *   - the stored content-security-policy value is '*' or 'list'
 *     (presumably "any origin may frame" vs. "configured allow-list" -
 *     verify against the security settings repository).
 *
 * NOTE(review): SameSite=None widens the cookie's exposure to cross-site
 * requests (CSRF surface); gating it on the framing policy is what keeps it
 * from being applied to every session. Modern browsers also reject a
 * SameSite=None cookie that is not marked Secure; this class does not add
 * "secure" itself and so relies on the wrapped factory for it - confirm.
 */
class SessionCookieAttributesFactory extends InjectionAwareService implements SessionCookieAttributesFactoryInterface
{
    public const SERVICE_ID = 'taoLti/SessionCookieAttributesFactory';

    /** @var SessionCookieAttributesFactoryInterface Factory producing the baseline attribute set. */
    private $sessionCookieAttributesFactory;

    /** @var SecuritySettingsRepositoryInterface Source of the content-security-policy setting. */
    private $securitySettingsRepository;

    public function __construct(
        SessionCookieAttributesFactoryInterface $sessionCookieAttributesFactory,
        SecuritySettingsRepositoryInterface $securitySettingsRepository
    ) {
        parent::__construct();

        $this->sessionCookieAttributesFactory = $sessionCookieAttributesFactory;
        $this->securitySettingsRepository = $securitySettingsRepository;
    }

    /**
     * Builds the cookie attribute collection, appending samesite=none when the
     * request is an LTI launch and the framing policy allows it.
     *
     * The launch check is evaluated first so that a non-LTI request never
     * touches the security settings repository.
     *
     * @return SessionCookieAttributeCollection the wrapped factory's attributes,
     *         plus samesite=none when both conditions hold
     */
    public function create(): SessionCookieAttributeCollection
    {
        $baseAttributes = $this->sessionCookieAttributesFactory->create();

        if (!$this->isLtiLaunch() || !$this->isFramingAllowed()) {
            return $baseAttributes;
        }

        return $baseAttributes->add(new SessionCookieAttribute('samesite', 'none'));
    }

    /**
     * Launch data parsed from the current HTTP request.
     * Protected so tests can stub the request-bound lookup.
     */
    protected function createLtiLaunchData(): LtiLaunchData
    {
        return LtiLaunchData::fromRequest(Request::currentRequest());
    }

    /** True when the current request carries an LTI version parameter. */
    private function isLtiLaunch(): bool
    {
        return $this->createLtiLaunchData()->hasVariable(LtiLaunchData::LTI_VERSION);
    }

    /**
     * True when the stored content-security-policy value is one of the two
     * framing-permitting modes. Comparison is strict: any other value
     * (including null or a non-string) keeps the default SameSite behaviour.
     */
    private function isFramingAllowed(): bool
    {
        $policy = $this->securitySettingsRepository->findAll()->findContentSecurityPolicy()->getValue();

        return $policy === '*' || $policy === 'list';
    }
}