API for calculating hash of inline script/src [#3047214]

Provide an API to calculate the hash of a script or style to be included inline
https://www.w3.org/TR/CSP/#grammardef-hash-source

e.g.

class Csp {
  protected static $hashAlgorithms = ['sha256', 'sha384', 'sha512'];

  public static function hashSource($data, $algo = 'sha256') {
    if (!in_array($algo, static:hashAlgorithms)) {
      throw new \InvalidArgumentException('Hash algorithm not supported');
    }
    return base64_encode(hash($algo, $data));
  }
}

Comments

Comment #1

10 April 2019 at 18:14

gapple created an issue. See original summary.

Comment #2

gapple

he/they

English

commented 10 April 2019 at 18:17

Status:	Active	» Postponed
Related issues:		+#2895245: API for modules to alter policy

This won't be vary useful until it's possible to dynamically add directive sources.

Comment #3

20 November 2019 at 07:16

gapple committed 3a78064 on 8.x-1.x

Issue #3047214: API for calculating hash of inline scripts

Comment #4

gapple

he/they

English

commented 20 November 2019 at 07:17

Status:

Postponed

» Fixed

Comment #5

4 December 2019 at 07:19

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

API for calculating hash of inline script/src

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Related issues

Referenced by

News items

Our community

Documentation

Drupal code base

Governance of community