Bug #103673
closed
CSP: Admin Panel submodule script tag does not get nonce attached
100%
Description
With EXT:schema, I am providing a custom admin panel module/submodule with JavaScript attached. The script tag does not get a nonce attribute for that submodule which results in a CSP violation when not allowing 'self', only nonce for scripts.
The reason for this: in ResourceUtility class the $attributes array (which holds the "useNonce" configuration) is not passed to the getAdditionalResourcesForModules() call.
Updated by Chris Müller 7 months ago
- Subject changed from CSP to CSP: Admin Panel submodule script tag does not get nonce attached
Updated by Gerrit Code Review 7 months ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/83927
Updated by Gerrit Code Review 7 months ago
Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/83898
Updated by Chris Müller 7 months ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 74ea84e22656f787e135f1e1bb50a5fef037867d.
Updated by