From fdd7ee4cf0d488beb022d9fb53abd3573dc55e9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Rie=C3=9F?= Date: Tue, 17 Mar 2026 08:39:57 +0100 Subject: [PATCH] Only store and reload page if necessary --- application/controllers/ConfigController.php | 8 ++-- .../forms/Config/General/CspConfigForm.php | 38 +++++++++++++++---- 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php index 4f945bacb..a63deceb9 100644 --- a/application/controllers/ConfigController.php +++ b/application/controllers/ConfigController.php @@ -29,6 +29,7 @@ use Icinga\Web\Controller; use Icinga\Web\Notification; use Icinga\Web\Url; use Icinga\Web\Widget; +use ipl\Html\Contract\Form as ContractForm; use ipl\Html\Form; /** @@ -118,9 +119,8 @@ class ConfigController extends Controller 'custom_csp' => $config->get('security', 'custom_csp'), ]); - $cspForm->on(Form::ON_SUBMIT, function (Form $form) use ($config) { - $useCsp = $form->getValue('use_strict_csp') === 'y'; - if ($useCsp) { + $cspForm->on(ContractForm::ON_SUBMIT, function (CspConfigForm $form) use ($config) { + if ($form->isCspEnabled() && $form->hasConfigChanged()) { $this->getResponse()->setReloadWindow(true); } Notification::success($this->translate('Content-Security-Policy updated')); @@ -128,7 +128,7 @@ class ConfigController extends Controller $cspForm->handleRequest(ServerRequest::fromGlobals()); $this->view->cspForm = $cspForm; - if ($cspForm->getValue('use_strict_csp') === 'y') { + if ($cspForm->isCspEnabled()) { $this->view->cspTable = (new CspConfigurationTable())->render(); } else { $this->view->cspTable = ''; diff --git a/application/forms/Config/General/CspConfigForm.php b/application/forms/Config/General/CspConfigForm.php index 2ba477d95..524f2da4f 100644 --- a/application/forms/Config/General/CspConfigForm.php +++ b/application/forms/Config/General/CspConfigForm.php @@ -18,6 +18,8 @@ class CspConfigForm extends CompatForm use FormUid; use CsrfCounterMeasure; + protected bool $changed = false; + public function __construct(protected Config $config) { $this->setAttribute("name", "csp_config"); @@ -43,7 +45,7 @@ class CspConfigForm extends CompatForm ], ); - if ($this->getValue('use_strict_csp') !== 'y') { + if (! $this->isCspEnabled()) { $this->addElement('hidden', 'use_custom_csp'); $this->addElement('hidden', 'custom_csp'); } else { @@ -59,7 +61,7 @@ class CspConfigForm extends CompatForm ], ); - if ($this->getValue('use_custom_csp') === 'y') { + if ($this->isCustomCspEnabled()) { $this->addHtml((new Callout( CalloutType::Warning, $this->translate( @@ -103,17 +105,39 @@ class CspConfigForm extends CompatForm $config = Config::app(); $section = $config->getSection('security'); + $beforeSection = clone $section; $section['use_strict_csp'] = $this->getValue('use_strict_csp'); - $useCsp = $this->getPopulatedValue('use_strict_csp', 'n') === 'y'; - if ($useCsp) { + if ($this->isCspEnabled()) { $section['use_custom_csp'] = $this->getValue('use_custom_csp'); - $useCustomCsp = $this->getPopulatedValue('use_custom_csp', 'n') === 'y'; - if ($useCustomCsp) { + if ($this->isCustomCspEnabled()) { $section['custom_csp'] = $this->getValue('custom_csp'); } } - $config->setSection('security', $section); + + $this->changed = ! empty(array_diff_assoc( + iterator_to_array($section), + iterator_to_array($beforeSection) + )); + + if (! $this->changed) { + return; + } $config->saveIni(); } + + public function hasConfigChanged(): bool + { + return $this->changed; + } + + public function isCspEnabled(): bool + { + return $this->getValue('use_strict_csp') === 'y'; + } + + public function isCustomCspEnabled(): bool + { + return $this->getValue('use_custom_csp') === 'y'; + } }