Actions
Bug #101880
closed
Content Security policy causes a type error
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-09-08
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
I used the following csp.yaml in my site:
inheritDefault: true
mutations:
# Results in `default-src 'self'`
- mode: set
directive: 'default-src'
sources:
- "'self'"
# Results in `'unsafe-inline' https://piwik.example.org/ https://service.example.org/
- mode: extend
directive: 'unsafe-inline'
sources:
- 'https://piwik.example.org/'
- 'https://service.example.org/'
When I then try to display the frontend I get
(1/1) TypeError TYPO3\CMS\Core\Security\ContentSecurityPolicy\Mutation::__construct(): Argument #2 ($directive) must be of type TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive, null given, called in /var/www/html/vendor/typo3/cms-core/Classes/Security/ContentSecurityPolicy/ModelService.php on line 63
The example configuration https://docs.typo3.org/m/typo3/reference-coreapi/12.4/en-us/ApiOverview/ContentSecurityPolicy/Index.html#site-specific-frontend does not cause this error.
Updated by 
Updated by 
Updated by 
Updated by
Actions