- last update
9 months ago 7 pass - @gapple opened merge request.
Currently if any directive already includes 'unsafe-inline'
, the module will not add a hash or nonce since it may block functionality.
// Don't make any modifications if closest enabled fallback uses
// 'unsafe-inline'.
if (in_array(Csp::POLICY_UNSAFE_INLINE, $fallbackValue)) {
return;
}
If the directive also already includes a hash or nonce, however, the new values should be added.
When a directive includes 'unsafe-inline'
, only skip modifying the directive if it also does not contain a hash or nonce source.
Active
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.