[FEATURE][ARCI-143] Add "on/off" switch (configuration setting) to to…

…ggle reporting on and off by NOT returning the reporting url csp_reporting.php when the reporting setting is disabled. Default is enabled.

Plugin/Magento/Csp/Api/Data/ModeConfiguredInterface.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Copyright © Experius B.V. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Experius\Csp\Plugin\Magento\Csp\Api\Data;
+
+use Magento\Framework\App\Config\ScopeConfigInterface;
+
+class ModeConfiguredInterface
+{
+    const XML_PATH_CSP_REPORTING_ENABLED = 'experius_csp/general/reporting_enabled';
+
+    /**
+     * @var ScopeConfigInterface
+     */
+    protected $scopeConfig;
+
+    public function __construct(
+        ScopeConfigInterface $scopeConfig
+    ) {
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    /**
+     * After getReportUri() plugin to be able to disable Content Security Policy reporting using configuration
+     *
+     * @param \Magento\Csp\Api\Data\ModeConfiguredInterface $subject
+     * @param $result
+     * @return string
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterGetReportUri(
+        \Magento\Csp\Api\Data\ModeConfiguredInterface $subject,
+        $result
+    ): ?string {
+        if (!$this->scopeConfig->isSetFlag(self::XML_PATH_CSP_REPORTING_ENABLED)) {
+            // Return empty reporting url to disable reporting
+            return null;
+        }
+
+        return $result;
+    }
+}

etc/adminhtml/system.xml

@@ -14,6 +14,11 @@
                     <label>add_all_storefront_urls</label>
                     <comment>This adds all base urls of the available storefronts for this Magento installation to the csp_whitelist.</comment>
                 </field>
+                <field id="reporting_enabled" type="select" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0" translate="label comment">
+                    <label>Reporting enabled</label>
+                    <comment>Disable to stop reporting to database temporarily.</comment>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                </field>
             </group>
         </section>
     </system>

etc/config.xml

@@ -15,6 +15,7 @@
         <experius_csp>
             <general>
                 <add_all_storefront_urls>1</add_all_storefront_urls>
+                <reporting_enabled>1</reporting_enabled>
             </general>
         </experius_csp>
     </default>

etc/di.xml

@@ -18,13 +18,20 @@
 		</arguments>
 	</type>
 	<type name="Magento\Framework\App\Response\HttpInterface">
-		<plugin disabled="false" name="Experius_Csp_Plugin_Magento_Framework_App_Response_HttpInterface" sortOrder="10" type="Experius\Csp\Plugin\Magento\Framework\App\Response\HttpInterface"/>
+		<plugin name="Experius_Csp_Plugin_Magento_Framework_App_Response_HttpInterface"
+				type="Experius\Csp\Plugin\Magento\Framework\App\Response\HttpInterface"
+				sortOrder="10"/>
+	</type>
+	<type name="Magento\Csp\Api\Data\ModeConfiguredInterface">
+		<plugin name="Experius_Csp_Plugin_Magento_Csp_Api_Data_ModeConfiguredInterface"
+				type="Experius\Csp\Plugin\Magento\Csp\Api\Data\ModeConfiguredInterface"
+				sortOrder="9999"/>
+	</type>
+	<type name="Magento\Csp\Model\CompositePolicyCollector">
+		<arguments>
+			<argument name="collectors" xsi:type="array">
+				<item name="200" xsi:type="object">Experius\Csp\Model\Collector\DynamicCollector</item>
+			</argument>
+		</arguments>
 	</type>
-    <type name="Magento\Csp\Model\CompositePolicyCollector">
-        <arguments>
-            <argument name="collectors" xsi:type="array">
-                <item name="200" xsi:type="object">Experius\Csp\Model\Collector\DynamicCollector</item>
-            </argument>
-        </arguments>
-    </type>
 </config>