soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix CSP nonce timing for admin styles
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-24 20:54:23 +01:00
parent 2b4d9e9411
commit 71604c6e41
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Http/Middleware/ContentSecurityPolicy.php
View File

@@ -123,6 +123,7 @@ class ContentSecurityPolicy
'default-src' => ["'self'"], 'default-src' => ["'self'"],
'script-src' => array_unique($scriptSources), 'script-src' => array_unique($scriptSources),
'style-src' => array_unique($styleSources), 'style-src' => array_unique($styleSources),
'style-src-attr' => ["'unsafe-inline'"],
'img-src' => array_unique($imgSources), 'img-src' => array_unique($imgSources),
'font-src' => array_unique($fontSources), 'font-src' => array_unique($fontSources),
'connect-src' => array_unique($connectSources), 'connect-src' => array_unique($connectSources),

10
resources/js/admin/main.tsx
View File

@@ -1,10 +1,10 @@
import './nonce';
import React, { Suspense } from 'react'; import React, { Suspense } from 'react';
import { createRoot } from 'react-dom/client'; import { createRoot } from 'react-dom/client';
import { RouterProvider } from 'react-router-dom'; import { RouterProvider } from 'react-router-dom';
import { Toaster } from 'react-hot-toast'; import { Toaster } from 'react-hot-toast';
import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
import { TamaguiProvider, Theme } from '@tamagui/core'; import { TamaguiProvider, Theme } from '@tamagui/core';
import { setNonce } from '@tamagui/web';
import '@tamagui/core/reset.css'; import '@tamagui/core/reset.css';
import tamaguiConfig from '../../../tamagui.config'; import tamaguiConfig from '../../../tamagui.config';
import { AuthProvider } from './auth/context'; import { AuthProvider } from './auth/context';
@@ -24,14 +24,6 @@ const DevTenantSwitcher = React.lazy(() => import('./DevTenantSwitcher'));
const enableDevSwitcher = import.meta.env.DEV || import.meta.env.VITE_ENABLE_TENANT_SWITCHER === 'true'; const enableDevSwitcher = import.meta.env.DEV || import.meta.env.VITE_ENABLE_TENANT_SWITCHER === 'true';
const styleNonce = document
.querySelector('meta[name="csp-style-nonce"]')
?.getAttribute('content');
if (styleNonce) {
setNonce(styleNonce);
}
initializeTheme(); initializeTheme();
initSentry('admin'); initSentry('admin');
const rootEl = document.getElementById('root')!; const rootEl = document.getElementById('root')!;

9
resources/js/admin/nonce.ts Normal file
View File

@@ -0,0 +1,9 @@
import { setNonce } from '@tamagui/web';
const styleNonce = document
.querySelector('meta[name="csp-style-nonce"]')
?.getAttribute('content');
if (styleNonce) {
setNonce(styleNonce);
}