Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
This commit is contained in:
parent
5da141b8d0
commit
7f33f1fa3a
@ -128,7 +128,7 @@ class ContentSecurityPolicyHandler
|
|||||||
$headers = $this->getCspHeaders($response);
|
$headers = $this->getCspHeaders($response);
|
||||||
|
|
||||||
foreach ($headers as $header => $directives) {
|
foreach ($headers as $header => $directives) {
|
||||||
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
|
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
|
||||||
if ($this->authorizesInline($directives, $type)) {
|
if ($this->authorizesInline($directives, $type)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user