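--- a/src/Config/SecKitOverrides.php
+++ b/src/Config/SecKitOverrides.php
@@ -77,6 +77,16 @@ class SecKitOverrides implements ConfigFactoryOverrideInterface {
 if ($script_src = $seckitConfig->get('seckit_xss.csp.script-src') ?: $seckitConfig->get('seckit_xss.csp.default-src')) {
 $overrides['seckit.settings']['seckit_xss']['csp']['script-src'] = implode(' ', array_merge([$script_src], $src));
 }
+if ($img_src = $seckitConfig->get('seckit_xss.csp.img-src') ?: $seckitConfig->get('seckit_xss.csp.default-src')) {
+$img = explode(' ', $img_src);
+$img[] = 'data:';
+$overrides['seckit.settings']['seckit_xss']['csp']['img-src'] = implode(' ', array_unique($img));
+}
+if ($style_src = $seckitConfig->get('seckit_xss.csp.style-src') ?: $seckitConfig->get('seckit_xss.csp.default-src')) {
+$style = explode(' ', $style_src);
+$style[] = "'unsafe-inline'";
+$overrides['seckit.settings']['seckit_xss']['csp']['style-src'] = implode(' ', array_unique($style));
+}
 }
 if ($connect_src = $seckitConfig->get('seckit_xss.csp.connect-src') ?: $seckitConfig->get('seckit_xss.csp.default-src')) {
 $connect = [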
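Review bot: The new `img-src` and `style-src` branches append to whatever string the fallback returns, so a configured value of `'none'` comes out as `'none' data:` or `'none' 'unsafe-inline'`, a source list in which the keyword no longer stands alone and which browsers report as malformed. Dropping it before the append keeps the emitted policy well-formed, e.g. `$img = array_diff(explode(' ', $img_src), ["'none'"]);` and the same for `$style`. Separately, `'unsafe-inline'` in `style-src` allows every inline style on the pages this override reaches, and nothing in the hunk records which feature needs it; a comment above each branch such as `// <feature> emits inline styles / data: URI images` would let a later reader judge whether the relaxation can be narrowed or removed. The enclosing `if` and the method begin outside the hunk, so the condition guarding these branches is not visible here.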
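--- a/src/EventSubscriber/CspSubscriber.php
+++ b/src/EventSubscriber/CspSubscriber.php
@@ -80,6 +80,9 @@ class CspSubscriber implements EventSubscriberInterface {
 self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'script-src', $src);
 self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'script-src-elem', $src);
 $connect = array_merge($connect, $src);
+self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'img-src', 'data:');
+self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'style-src', "'unsafe-inline'");
+self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'style-src-elem', "'unsafe-inline'");
 }
 self::fallbackAwareAppendIfEnabled($alterEvent->getPolicy(), 'connect-src', $connect);
 }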
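Review bot: The `'unsafe-inline'` appends to `style-src` and `style-src-elem` only take effect on policies that carry no nonce or hash source in that directive, because browsers ignore the keyword once one is present. On such sites the inline styles this change is meant to permit would still be blocked, and on every other site all inline styles become allowed, not only the ones this integration emits. If the markup is under the module's control, a hash source for its own style block would be the narrower grant; if it is not, a comment above the three calls should say so, e.g. `// <feature> injects inline styles and data: images that cannot be hashed.`. `style-src-attr` is not touched, so a site that enables that directive explicitly would presumably not receive the allowance for style attributes; that depends on `fallbackAwareAppendIfEnabled`, which is defined outside the hunk.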