From 74835c7e235e48ff3c0165bcfaddd95f138c87a8 Mon Sep 17 00:00:00 2001
From: Antonio Almeida
Date: Sun, 18 Jun 2023 23:50:03 +0100
Subject: [PATCH 1/2] Added csp nonce support
---
 src/BassetManager.php | 30 ++++++++++++++++++++++++------
 src/config/backpack/basset.php | 3 +++
 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/BassetManager.php b/src/BassetManager.php
index 38816f1..9647071 100644
--- a/src/BassetManager.php
+++ b/src/BassetManager.php
@@ -23,6 +23,7 @@ class BassetManager
 private array $loaded;
 private string $basePath;
 private string $cachebusting;
+ private string|null $nonce;
 private bool $dev = false;
 public CacheMap $cacheMap;
@@ -40,6 +41,7 @@ public function __construct()
 $this->cachebusting = '?'.substr(md5(base_path('composer.lock')), 0, 12);
 $this->basePath = (string) Str::of(config('backpack.basset.path'))->finish('/');
 $this->dev = config('backpack.basset.dev_mode', false);
+ $this->nonce = config('backpack.basset.nonce', null);
 $this->cacheMap = new CacheMap($this->disk, $this->basePath);
 $this->loader = new LoadingTime();
@@ -110,12 +112,10 @@ public function echoFile(string $path, array $attributes = []): void
 */
 public function echoCss(string $path, array $attributes = []): void
 {
- $args = '';
- foreach ($attributes as $key => $value) {
- $args .= " $key".($value === true || empty($value) ? '' : "=\"$value\"");
- }
+ $href = asset($path.$this->cachebusting);
+ $args = $this->prepareAttributes($attributes);
- echo ''.PHP_EOL;
+ echo ''.PHP_EOL;
 }
 /**
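Review bot: Reading the nonce once in `__construct()` (`$this->nonce = config('backpack.basset.nonce', null);`) ties it to config and to the manager's lifetime, while a CSP nonce is only useful if it is generated fresh for every response and matches that response's `Content-Security-Policy` header. A literal in the `basset.php` config, or a value frozen by a cached config, would be the same on every page, and if the manager is resolved before the application sets the value, or is kept alive across requests (neither is visible in this hunk), the tag gets no nonce or a stale one. I would read the value when the tag is rendered, `$nonce = config('backpack.basset.nonce');` inside `prepareAttributes()`, and extend the comment in the `basset.php` hunk to `// CSP nonce for the current response: set it per request at runtime, never a fixed string`. The constructor starts and ends outside the hunk.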
@@ -126,12 +126,30 @@ public function echoCss(string $path, array $attributes = []): void
 */
 public function echoJs(string $path, array $attributes = []): void
 {
+ $src = asset($path.$this->cachebusting);
+ $args = $this->prepareAttributes($attributes);
+
+ echo ''.PHP_EOL;
+ }
+
+ /**
+ * Prepares attributes to be added to the script/style dom element
+ *
+ * @param array $attributes
+ * @return string
+ */
+ private function prepareAttributes(array $attributes = []): string
+ {
+ if ($this->nonce) {
+ $attributes['nonce'] ??= $this->nonce;
+ }
+
 $args = '';
 foreach ($attributes as $key => $value) {
 $args .= " $key".($value === true || empty($value) ? '' : "=\"$value\"");
 }
- echo ''.PHP_EOL;
+ return $args;
 }
 /**
diff --git a/src/config/backpack/basset.php b/src/config/backpack/basset.php
index a065907..7bc1ce9 100644
--- a/src/config/backpack/basset.php
+++ b/src/config/backpack/basset.php
@@ -16,4 +16,7 @@
 'view_paths' => [
 resource_path('views'),
 ],
+
+ // content security policy nonce
+ 'nonce' => null,
 ];
From 806ac542ba56ed536478a47c2ab623e18b9be7cb Mon Sep 17 00:00:00 2001
From: tabacitu
Date: Sun, 18 Jun 2023 22:50:15 +0000
Subject: [PATCH 2/2] Apply fixes from StyleCI
---
 src/BassetManager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/BassetManager.php b/src/BassetManager.php
index 9647071..541eed0 100644
--- a/src/BassetManager.php
+++ b/src/BassetManager.php
@@ -133,9 +133,9 @@ public function echoJs(string $path, array $attributes = []): void
 }
 /**
- * Prepares attributes to be added to the script/style dom element
+ * Prepares attributes to be added to the script/style dom element.
 *
- * @param array $attributes
+ * @param array $attributes
 * @return string
 */
 private function prepareAttributes(array $attributes = []): string
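Review bot: `prepareAttributes()` concatenates attribute names and values into the tag without HTML-escaping (`"=\"$value\""`), and the nonce now goes through the same path, so a `"` in any value ends the attribute and the rest is parsed as markup. Escaping at this single point covers both `echoCss()` and `echoJs()`: `$args .= ' '.e($key).($value === true || empty($value) ? '' : '="'.e($value).'"');`. Separately, `empty($value)` renders `'0'` and `0` as a bare attribute; `$value === true || $value === null || $value === ''` may be what is meant. The loop itself is carried over unchanged from the old `echoJs()` body.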