You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is no way to use nonce content security policy, since Coderello\SharedData\SharedData::render() method returns <script> with no way to inject additional data.
public function render(): string
{
return '<script>'
.'window["'.$this->getJsNamespace().'"]='.$this->toJson().';'
.'window["sharedDataNamespace"]="'.$this->getJsNamespace().'";'
.($this->getJsHelperEnabled() ? $this->getJsHelper().';' : '')
.'</script>';
}
I think either class constructor or render method could accept nonce value.
The text was updated successfully, but these errors were encountered:
There is no way to use nonce content security policy, since
Coderello\SharedData\SharedData::render()
method returns<script>
with no way to inject additional data.I think either class constructor or render method could accept nonce value.
The text was updated successfully, but these errors were encountered: