56dadb3478
- EmbedRedirectFilter 추가: 임베드(embed=1) 요청의 리다이렉트 Location에 embed 유지(중첩 셸 방지) - bag/* 전체에 loginAuth 적용, 임베드 대시보드 로그아웃 시 로그인으로 이동 - 기본코드 종류 선택 시 embed 유지, 일괄입고 오류 복귀를 명시 URL로(back() 제거) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
120 lines
3.9 KiB
PHP
120 lines
3.9 KiB
PHP
<?php
|
|
|
|
namespace Config;
|
|
|
|
use CodeIgniter\Config\Filters as BaseFilters;
|
|
use CodeIgniter\Filters\Cors;
|
|
use CodeIgniter\Filters\CSRF;
|
|
use CodeIgniter\Filters\DebugToolbar;
|
|
use CodeIgniter\Filters\ForceHTTPS;
|
|
use CodeIgniter\Filters\Honeypot;
|
|
use CodeIgniter\Filters\InvalidChars;
|
|
use CodeIgniter\Filters\PageCache;
|
|
use CodeIgniter\Filters\PerformanceMetrics;
|
|
use CodeIgniter\Filters\SecureHeaders;
|
|
|
|
class Filters extends BaseFilters
|
|
{
|
|
/**
|
|
* Configures aliases for Filter classes to
|
|
* make reading things nicer and simpler.
|
|
*
|
|
* @var array<string, class-string|list<class-string>>
|
|
*
|
|
* [filter_name => classname]
|
|
* or [filter_name => [classname1, classname2, ...]]
|
|
*/
|
|
public array $aliases = [
|
|
'adminAuth' => \App\Filters\AdminAuthFilter::class,
|
|
'loginAuth' => \App\Filters\LoginAuthFilter::class,
|
|
'embedRedirect' => \App\Filters\EmbedRedirectFilter::class,
|
|
'csrf' => CSRF::class,
|
|
'toolbar' => DebugToolbar::class,
|
|
'honeypot' => Honeypot::class,
|
|
'invalidchars' => InvalidChars::class,
|
|
'secureheaders' => SecureHeaders::class,
|
|
'cors' => Cors::class,
|
|
'forcehttps' => ForceHTTPS::class,
|
|
'pagecache' => PageCache::class,
|
|
'performance' => PerformanceMetrics::class,
|
|
];
|
|
|
|
/**
|
|
* List of special required filters.
|
|
*
|
|
* The filters listed here are special. They are applied before and after
|
|
* other kinds of filters, and always applied even if a route does not exist.
|
|
*
|
|
* Filters set by default provide framework functionality. If removed,
|
|
* those functions will no longer work.
|
|
*
|
|
* @see https://codeigniter.com/user_guide/incoming/filters.html#provided-filters
|
|
*
|
|
* @var array{before: list<string>, after: list<string>}
|
|
*/
|
|
public array $required = [
|
|
'before' => [
|
|
'forcehttps', // Force Global Secure Requests
|
|
'pagecache', // Web Page Caching
|
|
],
|
|
'after' => [
|
|
'pagecache', // Web Page Caching
|
|
'performance', // Performance Metrics
|
|
'toolbar', // Debug Toolbar
|
|
],
|
|
];
|
|
|
|
/**
|
|
* List of filter aliases that are always
|
|
* applied before and after every request.
|
|
*
|
|
* @var array{
|
|
* before: array<string, array{except: list<string>|string}>|list<string>,
|
|
* after: array<string, array{except: list<string>|string}>|list<string>
|
|
* }
|
|
*/
|
|
public array $globals = [
|
|
'before' => [
|
|
// 'honeypot',
|
|
// 'csrf',
|
|
// 'invalidchars',
|
|
],
|
|
'after' => [
|
|
// 'honeypot',
|
|
// 'secureheaders',
|
|
'embedRedirect', // 임베드(탭) 리다이렉트에 embed=1 유지 → 중첩 셸 방지
|
|
],
|
|
];
|
|
|
|
/**
|
|
* List of filter aliases that works on a
|
|
* particular HTTP method (GET, POST, etc.).
|
|
*
|
|
* Example:
|
|
* 'POST' => ['foo', 'bar']
|
|
*
|
|
* If you use this, you should disable auto-routing because auto-routing
|
|
* permits any HTTP method to access a controller. Accessing the controller
|
|
* with a method you don't expect could bypass the filter.
|
|
*
|
|
* @var array<string, list<string>>
|
|
*/
|
|
public array $methods = [];
|
|
|
|
/**
|
|
* List of filter aliases that should run on any
|
|
* before or after URI patterns.
|
|
*
|
|
* Example:
|
|
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
|
|
*
|
|
* @var array<string, array<string, list<string>>>
|
|
*/
|
|
public array $filters = [
|
|
// 모든 업무(bag) 화면은 로그인 필요. 세션 만료 후 어떤 버튼을 눌러도
|
|
// 깨진 화면 대신 로그인으로 리다이렉트되도록 일괄 보호한다.
|
|
// (login/logout/register 는 bag/* 가 아니므로 영향 없음. 관리자 화면은 adminAuth 가 별도 처리)
|
|
'loginAuth' => ['before' => ['bag', 'bag/*']],
|
|
];
|
|
}
|