Add in support for Content Security Policy nonce and <hash-algorithm>-<base64-value>

Created on 27 March 2018, over 6 years ago

Updated 10 January 2024, 11 months ago

Merging in all the Content-Security-Policy header values in addition to script-src sha256-... is going to be tricky.

✨ Feature request

Status

Needs review

Version

2.0

Component

Code

Created by

🇺🇸United States mikeytown2

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 11 months ago →
🇪🇸Spain juandels3 Seville
Patch #5 ✨ Add in support for Content Security Policy nonce and - Needs review works correctly for me. After testing from Mozilla Observatory, I continued to have a loss of points in the SRI directive. Thanks to this tool I was able to locate those resources that were not loading in SRI compliance, and I was able to modify them and add "Integrity" and "Crossorigin" to them via a hook_js_alter

Production build 0.71.5 2024