nonce fix
This commit is contained in:
parent
efe979768c
commit
b2b8bca9ea
1 changed files with 2 additions and 3 deletions
|
|
@ -24,9 +24,8 @@ class AddContentSecurityPolicy
|
||||||
"style-src 'self' 'unsafe-inline' http: https:; " .
|
"style-src 'self' 'unsafe-inline' http: https:; " .
|
||||||
"connect-src 'self' ws: http: https:;";
|
"connect-src 'self' ws: http: https:;";
|
||||||
} else {
|
} else {
|
||||||
// Production CSP - Livewire v3 requires unsafe-eval and nonce for inline scripts
|
// Production CSP - Livewire v3 requires unsafe-eval and unsafe-inline
|
||||||
$nonce = csp_nonce();
|
$csp = "script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; " .
|
||||||
$csp = "script-src 'self' 'unsafe-eval' 'nonce-{$nonce}' https:; " .
|
|
||||||
"style-src 'self' 'unsafe-inline' https:; " .
|
"style-src 'self' 'unsafe-inline' https:; " .
|
||||||
"connect-src 'self' https:;";
|
"connect-src 'self' https:;";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue