Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
This commit is contained in:
parent
5da141b8d0
commit
7f33f1fa3a
@ -128,7 +128,7 @@ class ContentSecurityPolicyHandler
|
||||
$headers = $this->getCspHeaders($response);
|
||||
|
||||
foreach ($headers as $header => $directives) {
|
||||
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
|
||||
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
|
||||
if ($this->authorizesInline($directives, $type)) {
|
||||
continue;
|
||||
}
|
||||
|
Reference in New Issue
Block a user