Commit 275755c

author
Jonathan de Jong
committed
revert style nonce, and add fixme comment explaining why
1 parent 49831af commit 275755c

1 file changed

+3
-1
lines changed

app/Http/Middleware/SecurityHeaders.php

Lines changed: 3 additions & 1 deletion
@@ -100,7 +100,9 @@ public function handle($request, Closure $next)
100100
## start strict CSP
101101

102102
$strictCspPolicy[] = "default-src 'self'";
103-
$strictCspPolicy[] = "style-src 'self' 'nonce-" . csrf_token() . "'";
103+
// FIXME: There is a LOT of dynamically loaded inline styles into elements, so this isn't going to work for now...
104+
// $strictCspPolicy[] = "style-src 'self' 'nonce-" . csrf_token() . "'";
105+
$strictCspPolicy[] = "style-src 'self' 'unsafe-inline'";
104106
$strictCspPolicy[] = "script-src 'self' 'nonce-" . csrf_token() . "'";
105107
$strictCspPolicy[] = "connect-src 'self'";
106108
$strictCspPolicy[] = "base-uri 'self'";
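
Review bot: The new line 105, `style-src 'self' 'unsafe-inline'`, allows every inline style, including injected `<style>` blocks, which is broader than the FIXME's stated problem of styles loaded "into elements". If those are `style="..."` attributes set on elements, consider keeping the nonce on `style-src-elem` and allowing only attributes with `style-src-attr 'unsafe-inline'`, leaving `style-src` as the fallback for browsers without the CSP Level 3 split. The `script-src` context line at 106 (and the commented-out line 104) also uses `csrf_token()` as the nonce value. That is a CSRF token rather than a fresh random value generated for each response, so the nonce is reused and the token is disclosed in the header and in markup. A dedicated per-response random nonce would be safer. The FIXME would also be easier to follow up on with a reference to a tracking issue.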
