Closed (fixed)
Project:
Content-Security-Policy
Version:
8.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
27 Jan 2020 at 11:38 UTC
Updated:
15 Sep 2020 at 18:39 UTC
Jump to comment: Most recent
Comments
Comment #2
gappleDoes the error prevent installation of CSP?
Does the error occur again when clearing / rebuilding the cache?
Does the error occur when trying to install any other modules?
I wasn't able to reproduce
hook_library_info_alterreceiving NULL as the first parameter on a site with only csp.module (and not chosen).Comment #3
gappleComment #4
pietermouton commentedError appears after installing the module, blocking the site I'm on.
Clearing cache doesn't solve the issue.
Other modules can be enabled without any problems.
I'm guessing there's an issue with some kind of module I'm using, by the looks of it.
Still didn't figure out what module exactly causes this.
I needed seckit also, for other security fixes and this module also provides a csp integration, so I went with this one for now.
Comment #5
accessiveapps commentedI have the same issue.
When enabling / installing CSP module I am getting
Site is not usable after this and I had to use drush to pmu csp.
1.10 is my version. But also happened in earlier versions.
Comment #6
gappleI wasn't able to reproduce on a site installed with the Standard profile, CSP, and Chosen.
CSP doesn't make any alterations to library definitions, but it does scan for all available libraries, which could expose an underlying issue in the library definitions.
It's possible that it's a module other than CSP or Chosen that is causing invalid info in the library definitions - using a debugger to check the value of
$modulewhenhook_library_info_alter()is called with a null value for$librariesmay uncover the source.----
The Markdown error looks likely to be a separate issue with Markdown 8.x-1.x and the contrib Libraries API module.
Comment #7
jr-ewing commentedSame here after module install:
Cache cleaning has no effect.
Drupal 8.9.1
CSP Version: 8.x-1.12
Comment #8
gappleCan anyone provide a more complete listing of the modules enabled on their site?
Most helpful of all would be steps to reproduce the error from an installation of the Minimal or Standard install profiles in core.
Comment #9
gappleComment #10
rang501 commentedI experienced the same issue and found why it happened - there was an empty libraries.yml file in one of the custom modules.
I think the chosen module is wrong here because it assigns array type hint to hook_library_info_alter $libraries argument, which doesn't exist in original hook definition.
The hook docblock is wrong in that case too, it doesn't tell that it can be also null.
Comment #11
gapple@rang501 Thanks for the info, I can also reproduce the issue now.
Core isn't consistent about the array type hint for
hook_library_info_alterimplementations, (only locale and responsive_image currently use it), but it shouldn't cause an error if used.It looks like CSP exposes this issue because it needs to enumerate all libraries for enabled modules in order to build the default policy. Without CSP enabled, an empty library file would only be loaded if a (non-existent) library from that module was attached to the page.
I've created an upstream issue, and am working on a patch: #3167036: Empty *.libraries.yml file can cause fatal error
Comment #12
gappleCore issue has been merged, so this will be resolved in the upcoming 8.9+ releases
Comment #13
gapple