Yoast / Yoast-SEO-for-TYPO3

Yoast SEO plugin for TYPO3

Security Policy violation in v12.4 #533

Closed ste101 closed 1 year ago

ste101 commented 1 year ago

After enabling 'Security: backend enforce content security policy' the browser console shows an error: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-hZ9wyV6mnjrpPd6ozVOvYLbp6iINP-M6PHEYsu8P01PrEz57DDXHqw' 'report-sample'". Either the 'unsafe-inline' keyword, a hash ('sha256-0X2iein9ND1TcikMOT8afvZuD14Bks0cMBKpkRhcY1I='), or a nonce ('nonce-...') is required to enable inline execution.
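To make the three options named in that console message concrete (`'unsafe-inline'`, a `'nonce-...'` source, or a `'sha256-...'` hash), here is a small added example, not code from this extension or from TYPO3, that evaluates an inline script block against a `script-src` directive the way the backend's enforced policy did. The header and script body are constructed sample values.

```python
import base64
import hashlib
from typing import List, Optional

# Constructed example: decide whether an inline <script> block would run
# under a CSP script-src directive. Mirrors the three escape hatches the
# browser listed: 'unsafe-inline', a matching nonce, or a matching hash.

def parse_script_src(header: str) -> List[str]:
    """Return the source expressions of the script-src directive, unquoted."""
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "script-src":
            return [p.strip("'") for p in parts[1:]]
    return []

def sha256_source(script_body: str) -> str:
    """CSP hash source for an inline script: 'sha256-' + base64(sha256(body))."""
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")

def inline_script_allowed(header: str, script_body: str, tag_nonce: Optional[str]) -> str:
    """Return why the block runs ('unsafe-inline', 'nonce', 'hash') or 'blocked'."""
    sources = parse_script_src(header)
    # CSP level 2+: once any nonce or hash source is present, 'unsafe-inline'
    # is ignored, so adding a nonce to the policy silently disables it.
    has_nonce_or_hash = any(
        s.startswith(("nonce-", "sha256-", "sha384-", "sha512-")) for s in sources
    )
    if "unsafe-inline" in sources and not has_nonce_or_hash:
        return "unsafe-inline"
    if tag_nonce and f"nonce-{tag_nonce}" in sources:
        return "nonce"
    if sha256_source(script_body) in sources:
        return "hash"
    return "blocked"  # 'self' never authorises inline code

if __name__ == "__main__":
    # Constructed policy and block; the nonce must appear on the <script> tag.
    policy = "default-src 'self'; script-src 'self' 'nonce-abc123' 'report-sample'"
    body = "window.yoastConfig = {};"
    print(inline_script_allowed(policy, body, None))      # blocked
    print(inline_script_allowed(policy, body, "abc123"))  # nonce
```

Passing the page renderer's nonce through to the inline block is exactly what turns the first result into the second; a hash source would need the rendered JSON to be byte-stable, which a per-request config is not.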

websi commented 1 year ago

I think https://github.com/Yoast/Yoast-SEO-for-TYPO3/blob/378cb2e09557c8adee7a46ad2740aed2651341fc/Classes/Hooks/BackendYoastConfig.php#L25 should be changed to

-$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render());
+$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render(), true, false, true);
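Review bot: the three bare positional booleans appended on the `+` line are opaque in review; only the trailing `true` (the flag that attaches the page renderer's CSP nonce to the inline block) changes behaviour, while `true, false` appear to just restate the existing defaults. Consider a named argument, e.g. `$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render(), useNonce: true);` (assuming that is the parameter name), or an inline comment, so the intent is visible, and check that this parameter exists in every TYPO3 version the extension still supports, since on older versions the extra argument is silently ignored and the block stays nonce-less.
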
RinyVT commented 1 year ago

@ste101 @websi I just opened a pull request with 2 fixes, would you be able to test this? 😄

ste101 commented 1 year ago

Now it is working, thanks 👍

websi commented 1 year ago

Yes, with these changes it is working

websi commented 1 year ago

535 is not merged yet.