Problem/Motivation

Provide an alter hook enabling themes to alter the CSP policy.

Proposed resolution

/**
 * Alters the CSP policy.
 *
 * This hook is only invoked for themes, modules should add an event subscriber listening to the CspEvents::POLICY_ALTER event.
 *
 * @param \Drupal\csp\Csp $policy
 *   The CSP policy.
 * @param \Symfony\Component\HttpFoundation\Response $response
 *   The response the policy is applied to.
 */
function hook_csp_policy_alter(Csp $policy, Response $response): void {}

Remaining tasks

Invoke the hook and document it in csp.api.php.

Issue fork csp-3409435

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

DieterHolvoet created an issue. See original summary.

DieterHolvoet opened merge request !21

dieterholvoet’s picture

dieterholvoet commented
Status: Active » Needs review
dieterholvoet’s picture

dieterholvoet commented

I added a first implementation in this Gin MR.

gapple’s picture

gapple
he/they
Primary language English
commented

I was thinking of adding it right in the response handler, but I like separating out the extra service dependency 🙂.

My only thought currently is to (de)prioritize this handler (e.g. -10) so that it executes after module subscribers with a default priority.

dieterholvoet’s picture

dieterholvoet commented

Changed it!

gapple’s picture

gapple
he/they
Primary language English
commented
Status: Needs review » Fixed

gapple closed merge request !21

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.