Task #100140
Updated by Oliver Hader about 1 year ago
See failing Acceptance Tests in https://git.typo3.org/typo3/CI/cms/-/jobs/2057378
* source @'nonce-...'@ was given for @style-src@
* unsure why a sitemap check (frontend) invokes acceptance tests in the backend
> 24) SitemapXmlCest: See sitemap xml | "/menu-section-pages"
> Test Acceptance/Application/Frontend/SitemapXmlCest.php:seeSitemapXml
> Found following JavaScript errors in the browser console:
> 12:11:55.312 SEVERE - http://web:8000/typo3temp/var/tests/acceptance/typo3/index.php 16 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-p7sAugH1IbHGrW0y_Jf9_kfJA8hS56QuUykpWXQ_b4ahCJucZAcTQg' 'unsafe-inline'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
>
In order to use stylesheets with nonce sources (implicitly required for @'strict-dynamic'@ as well)
* inline styles (@style-src-elem@) should use a potential nonce
* lit-elements need to use the @window.litNonce@ work-around