Project

General

Profile

Actions

Bug #102438

closed

CSP-Errors after update to 12.4.8

Added by Michael Binder about 1 year ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-11-21
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.1
Tags:
CSP
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

After updating from 12.4.7 to 12.4.8, I am getting CSP error messages, which means that my integrated JavaScripts are no longer running correctly.
I have noticed this behaviour in Fluid with '<f:asset.script useNonce="true"', with the TypoScript integration includeJS(Footer) and via reloaded content from a GoogleMaps integration. All three work correctly after downgrading to version 12.4.7.

If I use Fluid with '<f:asset.script nonce="{f:security.nonce()}"', the integration works without CSP error messages. Of course, this does not work with the GoogleMaps plugin.

Is there anything else I need to set in the CSP config with the new version?


Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Bug #102460: Incorrect CSP nonce on additional steps and the confirmation message of the formClosed2023-11-22

Actions
Related to TYPO3 Core - Task #101751: Use ConsumableNonce instead of blunt Nonce in CSP contextClosedOliver Hader2023-08-25

Actions
Related to TYPO3 Core - Task #102620: Add strict parameter to base64url decodeClosed2023-12-06

Actions
Actions

Also available in: Atom PDF