cspscript for encore_entry_script_tags and cspstyle for encore_entry_link_tags #314
Comments
|
Any idea? |
|
I make like this and work fine: |
|
problem with imo it should behave similar to |
|
For Webpack Encore, you can use an EventSubscriber to automatically add the nonce to the script or link tags. For example (only script tags): final class EncoreNonceSubscriber implements EventSubscriberInterface
{
private ContentSecurityPolicyListener $csp;
public function __construct(ContentSecurityPolicyListener $csp)
{
$this->csp = $csp;
}
public static function getSubscribedEvents(): array
{
return [RenderAssetTagEvent::class => 'onRenderAssetTag'];
}
public function onRenderAssetTag(RenderAssetTagEvent $event): void
{
if ($event->isScriptTag()) {
$event->setAttribute('nonce', $this->csp->getNonce('script'));
}
}
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cspscript and cspstyle works only for one script at a time. Both encore_entry_script_tags and encore_entry_link_tags generate multiple
<script>and<style>tags by design. Do you think of any solution that could handle this situation? The only thing I can imagine is to add a new tags cspscripts and cspstyle to NelmioSecurityBundle which will handle multiple tags in a loop.What do you think about it?
The text was updated successfully, but these errors were encountered: