Add hashes if directive already has hash or nonce

Created on 22 December 2021, about 3 years ago
Updated 31 July 2024, 5 months ago

Problem/Motivation

Currently if any directive already includes 'unsafe-inline', the module will not add a hash or nonce since it may block functionality.

// Don't make any modifications if closest enabled fallback uses
// 'unsafe-inline'.
if (in_array(Csp::POLICY_UNSAFE_INLINE, $fallbackValue)) {
  return;
}

If the directive also already includes a hash or nonce, however, the new values should be added.

Proposed resolution

When a directive includes 'unsafe-inline', only skip modifying the directive if it also does not contain a hash or nonce source.

🐛 Bug report
Status

Needs work

Version

1.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024