Merge pull request #48 from iangcarroll/feature/delete-directive

Add a removeDirective function to remove directives

src/CSPBuilder.php

@@ -623,6 +623,22 @@ public function setDirective(string $key, $value = []): self
         return $this;
     }
 
+    /**
+     * Removes a directive.
+     *
+     * This allows removing a directive if the presence of it might cause
+     * undesired behavioral changes.
+     *
+     * @param string $key
+     *
+     * @return self
+     */
+    public function removeDirective(string $key): self
+    {
+        unset($this->policies[$key]);
+        return $this;
+    }
+
     /**
      * Allow/disallow filesystem: URIs for a given directive
      *

test/BasicTest.php

@@ -240,4 +240,24 @@ public function testSandbox()
 
         $this->assertEquals($compiled, 'sandbox allow-popups-to-escape-sandbox; ');
     }
+
+    /**
+     * @covers \ParagonIE\CSPBuilder\CSPBuilder
+     */
+    public function testRemovingDirectives()
+    {
+        $csp = new CSPBuilder();
+        $csp->addSource('frame-ancestors', 'https://example.com');
+        $csp->addSource('style-src', 'https://example.com');
+        $compiled = $csp->compile();
+
+        $this->assertContains('frame-ancestors https://example.com', $compiled);
+        $this->assertContains('style-src https://example.com', $compiled);
+
+        $csp->removeDirective('style-src');
+        $compiled = $csp->compile();
+
+        $this->assertContains('frame-ancestors https://example.com', $compiled);
+        $this->assertNotContains('style-src https://example.com', $compiled);
+    }
 }