Error when trying to implement a hash
MikeHarrison opened this issue
I have a little inline style applied to the body tag (style="height: 100%;") that I need to use a hash for in my CSP.
I have added this to my .json file used to generate my CSP, but am getting an error when loading the page. This is my .json file in full:
{
  "report-only": false,
  "base-uri": {
    "self": true
  },
  "default-src": {
    "self": true
  },
  "connect-src": {
    "self": true
  },
  "font-src": {
    "self": true,
    "allow": ["https://use.typekit.net"]
  },
  "form-action": {
    "allow": [],
    "self": true
  },
  "frame-ancestors": [],
  "frame-src": {
    "allow": [],
    "self": false
  },
  "img-src": {
    "self": true,
    "data": true
  },
  "media-src": [],
  "object-src": [],
  "plugin-types": [],
  "script-src": {
    "allow": [],
    "hashes": [],
    "self": true,
    "unsafe-inline": true,
    "unsafe-eval": true
  },
  "style-src": {
    "self": true,
    "allow": ["https://use.typekit.net", "https://p.typekit.net"],
    "hashes": ["sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="]
  },
  "upgrade-insecure-requests": true,
  "worker-src": {
    "allow": [],
    "self": false
  }
}
As you can see, I have added the hash to my style-src. The error is:
Invalid argument supplied for foreach()
On line 882 of /vendor/paragonie/csp-builder/src/CSPBuilder.php. The line in question looks like this:
foreach ($hash as $algo => $hashval) {
If you have any pointers as to where I might be going wrong, it would be greatly appreciated.
Seems like you need an associative array. Can you try this?
"hashes": {"forMyBodyElement": "sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="}
The correct way to set this up is by hash algo. So in this example:
"hashes": [
  {
    "sha256": "YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="
  }
],
Don't forget to remove the -
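Added example, not part of the thread and not csp-builder code: a Python check to run over the policy .json before deployment, which rewrites "hashes" entries from the algo-base64 string form used in the question into the per-algorithm object form shown in the last reply and rejects values whose decoded length does not match the algorithm. The function names and the SAMPLE policy are constructed for illustration.

```python
import base64
import hashlib

# Digest sizes in bytes for the hash algorithms CSP accepts.
DIGEST_SIZES = {"sha256": 32, "sha384": 48, "sha512": 64}


def hash_entry(inline_text, algo="sha256"):
    """Hash inline content and return it in the {algo: base64} shape."""
    digest = hashlib.new(algo, inline_text.encode("utf-8")).digest()
    return {algo: base64.b64encode(digest).decode("ascii")}


def normalize_hashes(entries):
    """Return entries as [{algo: base64}], splitting 'algo-base64' strings."""
    if not isinstance(entries, list):
        raise ValueError("'hashes' must be a list of {algo: value} objects")
    fixed = []
    for entry in entries:
        if isinstance(entry, str):  # the form that triggered the foreach() error
            algo, sep, value = entry.partition("-")
            if not sep:
                raise ValueError(f"no algorithm prefix in {entry!r}")
            entry = {algo: value}
        if not isinstance(entry, dict) or not entry:
            raise ValueError(f"unsupported hashes entry: {entry!r}")
        for algo, value in entry.items():
            if algo not in DIGEST_SIZES or not isinstance(value, str):
                raise ValueError(f"bad algorithm or value in {entry!r}")
            try:
                raw = base64.b64decode(value, validate=True)
            except ValueError as exc:  # binascii.Error is a ValueError
                raise ValueError(f"{algo} value is not valid base64") from exc
            if len(raw) != DIGEST_SIZES[algo]:
                raise ValueError(f"{algo} digest is {len(raw)} bytes, wrong size")
        fixed.append(entry)
    return fixed


def fix_policy(policy):
    """Normalize the 'hashes' list of every directive that has one."""
    for directive in policy.values():
        if isinstance(directive, dict) and "hashes" in directive:
            directive["hashes"] = normalize_hashes(directive["hashes"])
    return policy


# Constructed sample: the question's style-src hash, in its original string form.
SAMPLE = {"style-src": {"hashes": ["sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E="]}}
```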