Notice: Uninitialized string offset: 0

Created on 18 November 2024, 5 months ago

Problem/Motivation

The following notice is displayed after the CSP header is built:

Notice: Uninitialized string offset: 0 in Drupal\csp\Csp::Drupal\csp\{closure}() (line 515 of modules/contrib/csp/src/Csp.php).

Drupal\csp\Csp::Drupal\csp\{closure}('')
array_filter(Array, Object) (Line: 520)
Drupal\csp\Csp::reduceAttrSourceList(Array) (Line: 430)
Drupal\csp\Csp->getHeaderValue() (Line: 181)
Drupal\csp\EventSubscriber\ResponseCspSubscriber->onKernelResponse(Object, 'kernel.response', Object)

After some debugging I discovered it's caused by a library provided by the extlink module:

extlink.settings:
  js:
    /extlink/settings.js: { type: external, preprocess: false }
  dependencies:
    - core/drupalSettings

It's marked as external, but the path points to a route provided by the module. I'm pretty sure this behaviour of using the site url if an external library has a relative path is documented, but since it's there and being used by contrib modules we should probably account for it.

Steps to reproduce

Enable the extlink module, enable a CSP policy and visit any public page.

Proposed resolution

Account for external library urls possibly being relative.

🐛 Bug report

Status

Active

Version

2.0

Component

Code

Created by

🇧🇪Belgium dieterholvoet Brussels

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @dieterholvoet
Comment 5 months ago →
🇧🇪Belgium dieterholvoet Brussels

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024