Add hashes if directive already has hash or nonce

Created on 22 December 2021, over 2 years ago
Updated 23 September 2023, 9 months ago

Problem/Motivation

Currently if any directive already includes 'unsafe-inline', the module will not add a hash or nonce since it may block functionality.

// Don't make any modifications if closest enabled fallback uses
// 'unsafe-inline'.
if (in_array(Csp::POLICY_UNSAFE_INLINE, $fallbackValue)) {
  return;
}

If the directive also already includes a hash or nonce, however, the new values should be added.

Proposed resolution

When a directive includes 'unsafe-inline', only skip modifying the directive if it also does not contain a hash or nonce source.

🐛 Bug report
Status

Active

Version

1.0

Component

Code

Created by

🇨🇦 Canada gapple
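The check described in the proposed resolution, as an added example that is not code from the module or from the issue author. It relies on standard CSP behaviour: browsers that support nonces and hashes ignore 'unsafe-inline' once either is present in the directive. The function names, the plain string source lists and the sample script are assumptions made for this illustration.

```php
<?php
// Added illustration; not code from the CSP module. All names are hypothetical.

/** True for a nonce or hash source expression such as 'nonce-abc' or 'sha256-...'. */
function is_nonce_or_hash(string $source): bool {
  return (bool) preg_match("#^'(?:nonce|sha(?:256|384|512))-[A-Za-z0-9+/_=-]+'\$#", $source);
}

/** Builds the CSP hash source for an inline script or style body. */
function csp_hash_source(string $inline): string {
  return "'sha256-" . base64_encode(hash('sha256', $inline, TRUE)) . "'";
}

/**
 * Returns the fallback directive's sources, with $newSource appended when safe.
 *
 * @param string[] $sources Source list of the closest enabled fallback directive.
 */
function add_inline_source(array $sources, string $newSource): array {
  $hasUnsafeInline = in_array("'unsafe-inline'", $sources, TRUE);
  $hasNonceOrHash = (bool) array_filter($sources, 'is_nonce_or_hash');

  // 'unsafe-inline' alone is still honoured by the browser. Adding a hash
  // would switch it off and could block other inline code, so leave it alone.
  if ($hasUnsafeInline && !$hasNonceOrHash) {
    return $sources;
  }

  // With a nonce or hash already present, 'unsafe-inline' is ignored by the
  // browser, so the new inline code is blocked unless its source is added.
  if (!in_array($newSource, $sources, TRUE)) {
    $sources[] = $newSource;
  }
  return $sources;
}

// Constructed sample input.
$new = csp_hash_source("console.log('constructed sample');");
$cases = [
  'unsafe-inline only' => ["'self'", "'unsafe-inline'"],
  'unsafe-inline + nonce' => ["'self'", "'unsafe-inline'", "'nonce-Y29uc3RydWN0ZWQ='"],
  'no unsafe-inline' => ["'self'"],
];
foreach ($cases as $label => $sources) {
  echo $label, ': ', implode(' ', add_inline_source($sources, $new)), PHP_EOL;
}
```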
