Issue #3251172: Add utility methods for adding CSP information

src/EventSubscriber/CoreCspSubscriber.php

@@ -70,15 +70,7 @@ class CoreCspSubscriber implements EventSubscriberInterface {
       // @see https://www.drupal.org/project/csp/issues/3100084
       // The CSP Extras module alters core to not require 'unsafe-inline'.
       if (in_array('core/drupal.ajax', $libraries) && !$this->moduleHandler->moduleExists('csp_extras')) {
-        // Prevent script-src-attr from falling back to script-src and having
-        // 'unsafe-inline' enabled.
-        $policy->fallbackAwareAppendIfEnabled('script-src-attr', []);
-        $policy->fallbackAwareAppendIfEnabled('script-src', [Csp::POLICY_UNSAFE_INLINE]);
-        $policy->fallbackAwareAppendIfEnabled('script-src-elem', [Csp::POLICY_UNSAFE_INLINE]);
-
-        $policy->fallbackAwareAppendIfEnabled('style-src-attr', []);
-        $policy->fallbackAwareAppendIfEnabled('style-src', [Csp::POLICY_UNSAFE_INLINE]);
-        $policy->fallbackAwareAppendIfEnabled('style-src-elem', [Csp::POLICY_UNSAFE_INLINE]);
+        $policy->allowScriptSrcElem(Csp::POLICY_UNSAFE_INLINE);
       }
 
       // Quickedit loads ckeditor after an AJAX request, so alter needs to be
@@ -87,17 +79,14 @@ class CoreCspSubscriber implements EventSubscriberInterface {
 
       // CKEditor requires script attribute on interface buttons.
       if (in_array('core/ckeditor', $libraries) || $quickedit) {
-        $policy->fallbackAwareAppendIfEnabled('script-src-elem', []);
-        $policy->fallbackAwareAppendIfEnabled('script-src', [Csp::POLICY_UNSAFE_INLINE]);
-        $policy->fallbackAwareAppendIfEnabled('script-src-attr', [Csp::POLICY_UNSAFE_INLINE]);
+        $policy->allowScriptSrcAttr(Csp::POLICY_UNSAFE_INLINE);
       }
 
       // Inline style element is added by ckeditor.off-canvas-css-reset.js.
       // @see https://www.drupal.org/project/drupal/issues/2952390
       if (in_array('ckeditor/drupal.ckeditor', $libraries) || $quickedit) {
-        $policy->fallbackAwareAppendIfEnabled('style-src', [Csp::POLICY_UNSAFE_INLINE]);
-        $policy->fallbackAwareAppendIfEnabled('style-src-attr', [Csp::POLICY_UNSAFE_INLINE]);
-        $policy->fallbackAwareAppendIfEnabled('style-src-elem', [Csp::POLICY_UNSAFE_INLINE]);
+        $policy->allowStyleSrcElem(Csp::POLICY_UNSAFE_INLINE);
+        $policy->allowStyleSrcAttr(Csp::POLICY_UNSAFE_INLINE);
       }
 
       $umamiFontLibraries = [
@@ -108,7 +97,7 @@ class CoreCspSubscriber implements EventSubscriberInterface {
         'umami/webfonts-scope-one',
       ];
       if (!empty(array_intersect($libraries, $umamiFontLibraries))) {
-        $policy->fallbackAwareAppendIfEnabled('font-src', ['https://fonts.gstatic.com']);
+        $policy->allowFontSrc('https://fonts.gstatic.com');
       }
     }
   }