TYPO3 Core

symfony/var-dumper is fixed with https://review.typo3.org/c/Packages/TYPO3.CMS/+/79204

How can one reproduce the the issue with ResourceUtility?

Oliver Hader wrote in #note-2:

symfony/var-dumper is fixed with https://review.typo3.org/c/Packages/TYPO3.CMS/+/79204

How can one reproduce the the issue with ResourceUtility?

Use strict-dynamic for script-src instead of self

Refused to load the script 'https://typo3-cms-standard.ddev.site/_assets/0304760f2d5b5a1f133ce43f8d460a02/JavaScript/admin-panel.js' because it violates the following Content Security Policy directive: "script-src-elem 'nonce-k-SiMsIDgLSoLjELO_m8amYQQE2JIcoxoYYGP0S83Xw585n61BwqgQ' 'strict-dynamic' 'report-sample'".

Thx & Confirmed in the markup as well:

<!-- TYPO3 admin panel start -->
<link rel="stylesheet" href="/typo3/sysext/adminpanel/Resources/Public/Css/adminpanel.css" media="all" />
<script src="/typo3/sysext/adminpanel/Resources/Public/JavaScript/admin-panel.js"></script>

With the patch applied, it would be like this:

<!-- TYPO3 admin panel start -->
<link nonce="S8eqSZNcg6zdwzFoGisL0MYRQZ-Ki-8SHjhrO7iRTYK5FSXxv5X7zw" rel="stylesheet" media="all" href="/typo3/sysext/adminpanel/Resources/Public/Css/adminpanel.css" />
<script nonce="S8eqSZNcg6zdwzFoGisL0MYRQZ-Ki-8SHjhrO7iRTYK5FSXxv5X7zw" src="/typo3/sysext/adminpanel/Resources/Public/JavaScript/admin-panel.js"></script>

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79520