Allow inline style elements for event-admin CSP

Codex Agent
2026-01-24 21:16:31 +01:00
parent 684f54f58f
commit 8887d8e16c


@@ -48,8 +48,14 @@ class ContentSecurityPolicy
"'nonce-{$styleNonce}'", "'nonce-{$styleNonce}'",
'https:', 'https:',
]; ];
$styleElemSources = [];
if ($allowUnsafeInlineStyles) { if ($allowUnsafeInlineStyles) {
$styleSources[] = "'unsafe-inline'"; $styleElemSources = [
"'self'",
"'unsafe-inline'",
'https:',
'data:',
];
} }
$connectSources = [ $connectSources = [
@@ -128,6 +134,7 @@ class ContentSecurityPolicy
'default-src' => ["'self'"], 'default-src' => ["'self'"],
'script-src' => array_unique($scriptSources), 'script-src' => array_unique($scriptSources),
'style-src' => array_unique($styleSources), 'style-src' => array_unique($styleSources),
'style-src-elem' => $styleElemSources,
'style-src-attr' => ["'unsafe-inline'"], 'style-src-attr' => ["'unsafe-inline'"],
'img-src' => array_unique($imgSources), 'img-src' => array_unique($imgSources),
'font-src' => array_unique($fontSources), 'font-src' => array_unique($fontSources),
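Review bot: When `$allowUnsafeInlineStyles` is false, `$styleElemSources` stays `[]` and is still emitted through `'style-src-elem' => $styleElemSources` in the second hunk. How empty directives are serialized is outside the visible lines; if the builder writes a bare `style-src-elem`, browsers treat it as `'none'`, and because it takes precedence over `style-src` for `<style>` and stylesheet `<link>` elements, the nonce list would stop applying to them. Defaulting with `$styleElemSources = $styleSources;`, or adding the key only when the flag is set, keeps the nonce-based policy intact for every other page. In the enabled branch the directive carries no nonce and combines `'unsafe-inline'` with `https:` and `data:`, so any markup injection on those pages could bring its own stylesheet; a comment naming which pages set the flag and why `data:` is needed would help keep that scope narrow.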