docs: use getCSP() instead of CSP property

The CSP property is deprecated.

Author: kenjis

user_guide_src/source/outgoing/response.rst

@@ -170,7 +170,7 @@ call basis, by providing an optional second parameter to the adding method call.
 Runtime Configuration
 ---------------------
 
-If your application needs to make changes at run-time, you can access the instance at ``$this->response->CSP`` in your controllers. The
+If your application needs to make changes at run-time, you can access the instance at ``$this->response->getCSP()`` in your controllers. The
 class holds a number of methods that map pretty clearly to the appropriate header value that you need to set.
 Examples are shown below, with different combinations of parameters, though all accept either a directive
 name or an array of them:

user_guide_src/source/outgoing/response/012.php

@@ -1,30 +1,33 @@
 <?php
 
+// get the CSP instance
+$csp = $this->response->getCSP();
+
 // specify the default directive treatment
-$this->response->CSP->reportOnly(false);
+$csp->reportOnly(false);
 
 // specify the origin to use if none provided for a directive
-$this->response->CSP->setDefaultSrc('cdn.example.com');
+$csp->setDefaultSrc('cdn.example.com');
 
 // specify the URL that "report-only" reports get sent to
-$this->response->CSP->setReportURI('http://example.com/csp/reports');
+$csp->setReportURI('http://example.com/csp/reports');
 
 // specify that HTTP requests be upgraded to HTTPS
-$this->response->CSP->upgradeInsecureRequests(true);
+$csp->upgradeInsecureRequests(true);
 
 // add types or origins to CSP directives
 // assuming that the default treatment is to block rather than just report
-$this->response->CSP->addBaseURI('example.com', true); // report only
-$this->response->CSP->addChildSrc('https://youtube.com'); // blocked
-$this->response->CSP->addConnectSrc('https://*.facebook.com', false); // blocked
-$this->response->CSP->addFontSrc('fonts.example.com');
-$this->response->CSP->addFormAction('self');
-$this->response->CSP->addFrameAncestor('none', true); // report this one
-$this->response->CSP->addImageSrc('cdn.example.com');
-$this->response->CSP->addMediaSrc('cdn.example.com');
-$this->response->CSP->addManifestSrc('cdn.example.com');
-$this->response->CSP->addObjectSrc('cdn.example.com', false); // reject from here
-$this->response->CSP->addPluginType('application/pdf', false); // reject this media type
-$this->response->CSP->addScriptSrc('scripts.example.com', true); // allow but report requests from here
-$this->response->CSP->addStyleSrc('css.example.com');
-$this->response->CSP->addSandbox(['allow-forms', 'allow-scripts']);
+$csp->addBaseURI('example.com', true); // report only
+$csp->addChildSrc('https://youtube.com'); // blocked
+$csp->addConnectSrc('https://*.facebook.com', false); // blocked
+$csp->addFontSrc('fonts.example.com');
+$csp->addFormAction('self');
+$csp->addFrameAncestor('none', true); // report this one
+$csp->addImageSrc('cdn.example.com');
+$csp->addMediaSrc('cdn.example.com');
+$csp->addManifestSrc('cdn.example.com');
+$csp->addObjectSrc('cdn.example.com', false); // reject from here
+$csp->addPluginType('application/pdf', false); // reject this media type
+$csp->addScriptSrc('scripts.example.com', true); // allow but report requests from here
+$csp->addStyleSrc('css.example.com');
+$csp->addSandbox(['allow-forms', 'allow-scripts']);

user_guide_src/source/outgoing/response/013.php

@@ -1,6 +1,9 @@
 <?php
 
-$this->response->CSP->addChildSrc('https://youtube.com'); // allowed
-$this->response->CSP->reportOnly(true);
-$this->response->CSP->addChildSrc('https://metube.com'); // allowed but reported
-$this->response->CSP->addChildSrc('https://ourtube.com', false); // allowed
+// get the CSP instance
+$csp = $this->response->getCSP();
+
+$csp->addChildSrc('https://youtube.com'); // allowed
+$csp->reportOnly(true);
+$csp->addChildSrc('https://metube.com'); // allowed but reported
+$csp->addChildSrc('https://ourtube.com', false); // allowed