wedevelopnl / silverstripe-csp-custom-scripts
Installs: 4
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 6
Forks: 0
Open Issues: 0
Type:silverstripe-vendormodule
Requires
- silverstripe/cms: ^4.0 || ^5.0
README
Description
This Silverstripe module makes sure that any custom scripts added through Requirements are served from a javascript
file. The goal of this is to be able to drop script-src: 'unsafe-inline'
from your Content-Security-Policy header.
Installation
$ composer require wedevelopnl/silverstripe-csp-custom-scripts
Run a dev/build and you should be all set.
If you're using dorsetdigital/silverstripe-enhanced-requirements
read "Compatibility" for further instructions
Compatibility
If you're using dorsetdigital/silverstripe-enhanced-requirements
you will have to do the override yourself, extend
the Enhanced_Requirements class and use the trait to inject the CSP code.
csp.yml
--- Name: csp-enhanced-requirements After: - '#enhanced-requirements' - '#csp-requirements' --- SilverStripe\Core\Injector\Injector: SilverStripe\View\Requirements_Backend: class: App\View\RequirementsBackend
src/View/RequirementsBackend.php
<?php declare(strict_types=1); namespace App\View; use DorsetDigital\EnhancedRequirements\View\Enhanced_Backend; use WeDevelop\Csp\View\CspBackendTrait; final class RequirementsBackend extends Enhanced_Backend { use CspBackendTrait; public function includeInHTML($content) { $this->processCspCustomScripts(); return parent::includeInHTML($content); } }