CSP Issues with Debug Bar
#3

(This post was last modified: 01-02-2023, 03:40 AM by ltarrant.)

I don't really have much experience with CSP so possibly it's just an oversight on my part.
My usage in my CI4 application is pretty simple and limited.
CSP enabled in .env file and config file.
The following lines in the constructor of my Base Controller.

Code:
$this->response->CSP->setDefaultSrc('self');
$this->response->CSP->addFontSrc(['self', 'https://fonts.googleapis.com', 'https://fonts.gstatic.com']);
$this->response->CSP->addImageSrc(['self', 'data:']);
$this->response->CSP->addScriptSrc(['self']);

A few calls to
Code:
csp_script_nonce() 
to add nonces to some inline scripts in my views.

The CSP errors I am getting all relate to ?debugbar:46

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-???????????????????????'". Either the 'unsafe-inline' keyword, a hash , or a nonce is required to enable inline execution

Code:
toolbar.innerHTML = responseText;
Looking at the HTML output on the pages I can see nonces are in place for the script and style tags for the debugbar.

Luke
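
A diagnostic for the situation described in this post, as an added example that is not part of the original post or of CodeIgniter: it scans an HTML fragment, such as the response text assigned to toolbar.innerHTML, for inline styles that a nonce-based style-src refuses. The function names, the policy string and the fragment are constructed for illustration.

```javascript
// Added example; the function names and the sample data are constructed.
// Regex-level scan, so attribute values containing '>' are not handled,
// and hash sources are detected but never matched against content.
const isNonce = (s) => /^'nonce-[A-Za-z0-9+\/_=-]+'$/.test(s);
const isHash = (s) => /^'sha(256|384|512)-/i.test(s);

// Source list of the first directive in `names` that the policy defines.
function effectiveSources(policy, names) {
  const seen = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !seen.has(key)) seen.set(key, sources); // first one wins
  }
  for (const n of names) if (seen.has(n)) return seen.get(n);
  return null; // nothing governs this kind of load
}

// 'unsafe-inline' is ignored as soon as the list carries a nonce or a hash.
const unsafeInlineActive = (sources) =>
  sources.some((s) => s.toLowerCase() === "'unsafe-inline'") &&
  !sources.some((s) => isNonce(s) || isHash(s));

function findBlockedInlineStyles(policy, html) {
  const findings = [];
  const attr = effectiveSources(policy, ['style-src-attr', 'style-src', 'default-src']);
  const elem = effectiveSources(policy, ['style-src-elem', 'style-src', 'default-src']);
  if (attr && !unsafeInlineActive(attr)) {
    // A nonce can never authorise a style="" attribute.
    for (const m of html.matchAll(/<([a-z][a-z0-9]*)\b[^>]*\sstyle\s*=/gi)) {
      findings.push({ kind: 'style-attribute', tag: m[1].toLowerCase() });
    }
  }
  if (elem && !unsafeInlineActive(elem)) {
    const nonces = elem.filter(isNonce).map((s) => s.slice(7, -1));
    for (const m of html.matchAll(/<style\b([^>]*)>/gi)) {
      const n = /\snonce\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
      if (!n || !nonces.includes(n[1])) {
        findings.push({ kind: 'style-element', nonce: n ? n[1] : null });
      }
    }
  }
  return findings;
}

// Constructed policy and fragment (the nonce value is made up).
const SAMPLE_POLICY = "default-src 'self'; style-src 'self' 'nonce-abc123'";
const SAMPLE_FRAGMENT = '<style nonce="abc123">#bar{margin:0}</style>' +
  '<div id="bar" style="display:none"><span style="color:red">x</span></div>' +
  '<style>.late{margin:0}</style>';
console.log(findBlockedInlineStyles(SAMPLE_POLICY, SAMPLE_FRAGMENT));
```

Each style-attribute finding is an element whose style attribute the browser drops under the policy; each style-element finding is a style tag with a missing or non-matching nonce.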


Messages In This Thread
CSP Issues with Debug Bar - by ltarrant - 12-30-2022, 05:49 AM
RE: CSP Issues with Debug Bar - by kenjis - 12-30-2022, 06:04 PM
RE: CSP Issues with Debug Bar - by ltarrant - 01-02-2023, 03:32 AM


