Hi,
splitbrain opened a new pull request at
https://github.com/dokuwiki/dokuwiki/pull/4220:
This addresses #3788
When an external source (eg. the webserver) sets a CSP header for DokuWiki it
can now use a nonce to allow only certain inline scripts instead of having to
allow all of them. In this case the nonce needs to be passed on to DokuWiki
using an environment variable called `NONCE`.
Note this only addresses inline scripts created by the DokuWiki core. Plugins
would need to make use of the newly introduces `tpl_inlineScript()` before
their scripts would pass a restrictive CSP.
An update for the cspheaders plugin might follow to make use of this feature.
Please help us to review this pull request, so new contributors get feedback in
a timely manner.
fc19b090-d0c9-11ee-8d50-9e2bff14f3d9
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
