Skip to content
This repository has been archived by the owner on Dec 30, 2024. It is now read-only.

wedevelopnl/silverstripe-csp-custom-scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
_config
_config
 
 
src
src
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

WeDevelop Silverstripe CSP Custom Scripts

Description

This Silverstripe module makes sure that any custom scripts added through Requirements are served from a javascript file. The goal of this is to be able to drop script-src: 'unsafe-inline' from your Content-Security-Policy header.

Installation

$ composer require wedevelopnl/silverstripe-csp-custom-scripts

Run a dev/build and you should be all set. If you're using dorsetdigital/silverstripe-enhanced-requirements read "Compatibility" for further instructions

Compatibility

If you're using dorsetdigital/silverstripe-enhanced-requirements you will have to do the override yourself, extend the Enhanced_Requirements class and use the trait to inject the CSP code.

csp.yml

---
Name: csp-enhanced-requirements
After:
  - '#enhanced-requirements'
  - '#csp-requirements'
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\View\Requirements_Backend:
    class: App\View\RequirementsBackend

src/View/RequirementsBackend.php

<?php

declare(strict_types=1);

namespace App\View;

use DorsetDigital\EnhancedRequirements\View\Enhanced_Backend;
use WeDevelop\Csp\View\CspBackendTrait;

final class RequirementsBackend extends Enhanced_Backend
{
    use CspBackendTrait;

    public function includeInHTML($content)
    {
        $this->processCspCustomScripts();

        return parent::includeInHTML($content);
    }
}

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 1

1.0.0 Latest
Dec 19, 2024

Packages

No packages published

Languages