Cloonar/lena-schilling-website
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: extend Content Security Policy for Action Network to allow images

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-06-19 08:46:19 +02:00
parent 69c8e060d6
commit 9de2800ed0
1 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
packages/base/Configuration/ContentSecurityPolicies.php
View File

@@ -13,10 +13,40 @@ use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
use TYPO3\CMS\Core\Type\Map; use TYPO3\CMS\Core\Type\Map;
return Map::fromEntries([ return Map::fromEntries([
// Provide declarations for the backend // Frontend CSP configuration for Action Network widget
Scope::backend(), Scope::frontend(),
// NOTICE: When using `MutationMode::Set` existing declarations will be overridden new MutationCollection(
// Base security settings
new Mutation(
MutationMode::Set,
Directive::DefaultSrc,
SourceKeyword::self,
),
// Allow scripts from Action Network
new Mutation(
MutationMode::Extend,
Directive::ScriptSrc,
SourceKeyword::self,
new UriValue('https://actionnetwork.org'),
),
// Allow styles from Action Network
new Mutation(
MutationMode::Extend,
Directive::StyleSrc,
SourceKeyword::self,
new UriValue('https://actionnetwork.org'),
),
// Allow images from Action Network
new Mutation(
MutationMode::Extend,
Directive::ImgSrc,
SourceKeyword::self,
new UriValue('https://actionnetwork.org'),
),
),
// Backend configuration
Scope::backend(),
new MutationCollection( new MutationCollection(
// Results in `default-src 'self'` // Results in `default-src 'self'`
new Mutation( new Mutation(
@@ -34,15 +64,10 @@ return Map::fromEntries([
SourceScheme::data, SourceScheme::data,
new UriValue('https://*.typo3.org'), new UriValue('https://*.typo3.org'),
), ),
// NOTICE: the following two instructions for `Directive::ImgSrc` are identical to the previous instruction,
// `MutationMode::Extend` is a shortcut for `MutationMode::InheritOnce` and `MutationMode::Append`
// new Mutation(MutationMode::InheritOnce, Directive::ImgSrc, SourceScheme::data),
// new Mutation(MutationMode::Append, Directive::ImgSrc, SourceScheme::data, new UriValue('https://*.typo3.org')),
// Extends the ancestor directive ('default-src'), // Extends the ancestor directive ('default-src'),
// thus reuses 'self' and adds additional sources // thus reuses 'self' and adds additional sources
// Results in `script-src 'self' 'nonce-[random]'` // Results in `script-src 'self' 'nonce-[random]'`
// ('nonce-proxy' is substituted when compiling the policy)
new Mutation( new Mutation(
MutationMode::Extend, MutationMode::Extend,
Directive::ScriptSrc, Directive::ScriptSrc,