Hello,
I have problem with generating hashes or nonce- attribute for script-src of my csp policy declared in layout header:
Code:
<html lang="en">
<head>
<meta charset="utf-8">
<?= $this->headTitle('Site title')->setSeparator(' - ')->setAutoEscape(false) ?>
<?= $this->headMeta()
->appendName('description', isset($description) ? $description : 'description default')
->appendName('keywords', isset($keywords) ? $keywords : 'keywords default')
->appendName('viewport', 'width=device-width, initial-scale=1.0')
->appendHttpEquiv('X-UA-Compatible', 'IE=edge')
->appendHttpEquiv('Content-Type', 'text/html; charset=UTF-8')
->appendHttpEquiv('Content-Language', 'en-EN')
->appendHttpEquiv('Content-Security-Policy',
"default-src 'none';
script-src 'self' 'nonce-.......';
connect-src 'self';
font-src 'self';
img-src 'self' blob:;
style-src 'self';
base-uri 'self';
form-action 'self'
");
?>
…
and in template for example index.phtml:
< script nonce="…" >
// …
< /script >
How can I generate such a variable dynamically once for a request and pass it to the layout, templates? Has anyone faced a similar problem?
I will be grateful for every suggestion.
Greetings,