| commit | e5d413b07e3797d0f7a9df3342f08a2e51ec9fc0 | |
| author | Andreas Gohr <andi@splitbrain.org> | |
| Wed, 21 Feb 2024 14:25:59 +0000 (21 15:25 +0100) | ||
| committer | Andreas Gohr <andi@splitbrain.org> | |
| Wed, 21 Feb 2024 14:25:59 +0000 (21 15:25 +0100) | ||
| tree | 80f7be42e0924d540e4ce0a348d566b125c5ab52 | treesnapshot (tar.gz zip) |
| parent | 3d106cfbb85abe9c1295af2cb4a8aec93ad71b81 | commitdiff |
Use environment provided NONCE for inline scripts. #3788
When an outside source wants to set a restrictive CSP, it can use a
nonce to allow inline scripts instead of using 'unsafe-inline'. This
nonce can be passed on via the environment variable NONCE and will be
used in tpl_metaheaders to tag our inline JS initializations.
An update to the cspheaders plugin should be made to provide a nonce as
well.
When an outside source wants to set a restrictive CSP, it can use a
nonce to allow inline scripts instead of using 'unsafe-inline'. This
nonce can be passed on via the environment variable NONCE and will be
used in tpl_metaheaders to tag our inline JS initializations.
An update to the cspheaders plugin should be made to provide a nonce as
well.
| inc/template.php | diffblobblamehistory |