- last update
over 1 year ago 7 pass - @gapple opened merge request.
- Status changed to Needs work
5 months ago 11:56pm 31 July 2024 - 🇨🇦Canada gapple
This should use the helpers added by ✨ Add helper for safely appending nonce/hash sources Fixed
Currently if any directive already includes 'unsafe-inline'
, the module will not add a hash or nonce since it may block functionality.
// Don't make any modifications if closest enabled fallback uses
// 'unsafe-inline'.
if (in_array(Csp::POLICY_UNSAFE_INLINE, $fallbackValue)) {
return;
}
If the directive also already includes a hash or nonce, however, the new values should be added.
When a directive includes 'unsafe-inline'
, only skip modifying the directive if it also does not contain a hash or nonce source.
Needs work
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This should use the helpers added by ✨ Add helper for safely appending nonce/hash sources Fixed