We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I have a little inline style applied to the body tag (style="height: 100%;") that I need to use a hash for in my CSP.
style="height: 100%;"
I have added this to my .json file used to generate my CSP, but am getting an error when loading the page. This is my .json file in full:
.json
{ "report-only": false, "base-uri": { "self": true }, "default-src": { "self": true }, "connect-src": { "self": true }, "font-src": { "self": true, "allow": ["https://use.typekit.net"] }, "form-action": { "allow": [], "self": true }, "frame-ancestors": [], "frame-src": { "allow": [], "self": false }, "img-src": { "self": true, "data": true }, "media-src": [], "object-src": [], "plugin-types": [], "script-src": { "allow": [], "hashes": [], "self": true, "unsafe-inline": true, "unsafe-eval": true }, "style-src": { "self": true, "allow": ["https://use.typekit.net", "https://p.typekit.net"], "hashes": ["sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="] }, "upgrade-insecure-requests": true, "worker-src": { "allow": [], "self": false } }
As you can see I have added the hash to my style-src. The error is:
style-src
Invalid argument supplied for foreach()
On line 882 of /vendor/paragonie/csp-builder/src/CSPBuilder.php. The line in question looks like this:
/vendor/paragonie/csp-builder/src/CSPBuilder.php
foreach ($hash as $algo => $hashval) {
If you have any pointers as to where I might be going wrong it would be greatly appreciated
The text was updated successfully, but these errors were encountered:
seems like you need an associative array. can you try this?
"hashes": {"forMyBodyElement": "sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="}
Sorry, something went wrong.
The correct way to set this up is by hash algo. So in this example:
"hashes": [ { "sha256": "YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=" } ],
Don't forget to remove the -
-
bnomei
No branches or pull requests
I have a little inline style applied to the body tag (
style="height: 100%;"
) that I need to use a hash for in my CSP.I have added this to my
.json
file used to generate my CSP, but am getting an error when loading the page. This is my.json
file in full:As you can see I have added the hash to my
style-src
. The error is:Invalid argument supplied for foreach()
On line 882 of
/vendor/paragonie/csp-builder/src/CSPBuilder.php
. The line in question looks like this:foreach ($hash as $algo => $hashval) {
If you have any pointers as to where I might be going wrong it would be greatly appreciated
The text was updated successfully, but these errors were encountered: