[TASK] Add csp support for v13

ayacoo · Sep 27, 2024 · fd9edea · fd9edea
1 parent 535bece
commit fd9edea
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 3 deletions.
diff --git a/Classes/Helper/SoundcloudHelper.php b/Classes/Helper/SoundcloudHelper.php
@@ -76,7 +76,7 @@ public function getPreviewImage(File $file)
         $previewImageUrl = trim($properties['soundcloud_thumbnail_url'] ?? '');
 
         // get preview from soundcloud
-        if ($previewImageUrl !== '') {
+        if ($previewImageUrl === '') {
             $oEmbed = $this->getOEmbedData($this->getOnlineMediaId($file));
             $previewImageUrl = $oEmbed['thumbnail_url'];
         }

diff --git a/Configuration/ContentSecurityPolicies.php b/Configuration/ContentSecurityPolicies.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Mutation;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\MutationCollection;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\MutationMode;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Scope;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceScheme;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
+use TYPO3\CMS\Core\Type\Map;
+
+return Map::fromEntries([
+    Scope::backend(),
+
+    new MutationCollection(
+        // The csp extension is required for images in the PreviewRenderer when active
+        new Mutation(
+            MutationMode::Extend,
+            Directive::ImgSrc,
+            SourceScheme::data,
+            new UriValue('*.sndcdn.com'),
+        ),
+
+        // The csp extension is required for the IFrame in the info window
+        new Mutation(
+            MutationMode::Extend,
+            Directive::FrameSrc,
+            SourceScheme::data,
+            new UriValue('*.soundcloud.com'),
+        ),
+    ),
+]);
diff --git a/README.md b/README.md
@@ -89,6 +89,18 @@ with `$GLOBALS['TCA']['tt_content']['types']['textmedia']['previewRenderer'] = \
 
 Documentation: https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/ApiOverview/ContentElements/CustomBackendPreview.html
 
+### 3.3 Content security policy
+
+If CSP is activated in the backend, policies will be automatically added.
+To do this, the file Configuration/ContentSecurityPolicies.php is used.
+
+If CSP is to be extended for the frontend, the configuration can be added
+in a site package extension or in the global csp.yml
+
+Take a look at the current documentation:
+https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/ApiOverview/ContentSecurityPolicy/Index.html
+
+
 ## 4 Administration corner
 
 ### 4.1 Versions and support

diff --git a/composer.json b/composer.json
@@ -15,10 +15,10 @@
 	],
 	"require": {
 		"php": ">=8.2 < 8.4",
-		"typo3/cms-core": "^13.1"
+		"typo3/cms-core": "^13.3"
 	},
 	"require-dev": {
-		"friendsofphp/php-cs-fixer": "^3.49.0",
+		"friendsofphp/php-cs-fixer": "^3.57.0",
 		"helmich/typo3-typoscript-lint": "^3.1.0",
 		"phpstan/extension-installer": "^1.3.1",
 		"phpstan/phpstan": "^1.11",