Relax style-src-elem to allow inline

Codex Agent
2026-01-24 23:41:53 +01:00
parent 86b7eddd47
commit 4e65fe1d5f
2 changed files with 7 additions and 3 deletions


@@ -118,7 +118,11 @@ class ContentSecurityPolicy
$styleSources[] = 'data:';
$connectSources[] = 'https:';
$fontSources[] = 'https:';
$styleElemSources = array_unique(array_merge($styleSources, ["'unsafe-inline'"]));
$styleElemSources = array_values(array_filter(
$styleSources,
static fn (string $source): bool => ! str_starts_with($source, "'nonce-")
));
$styleElemSources = array_unique(array_merge($styleElemSources, ["'unsafe-inline'"]));
$directives = [
'default-src' => ["'self'"],