Adding script nonce parameter for Content Security Policy headers

albertcht / invisible-recaptcha

An invisible reCAPTCHA package for Laravel, Lumen, CI or native PHP.

MIT License

603 stars 163 forks source link

Adding script nonce parameter for Content Security Policy headers #125

Closed mvasilyev closed 3 years ago

mvasilyev commented 4 years ago

Adding optional nonce parameter so rendered html will contain script tag with nonce parameter. Adding same nonce to script-src of SCP headers will allow this script to be executed.

robertnicjoo commented 3 years ago

syntax error, unexpected ',', expecting :: (T_PAAMAYIM_NEKUDOTAYIM) in return "<?php echo app('captcha')->renderFooterJS({$lang, $nonce}); ?>";

albertcht commented 3 years ago

Hi @mvasilyev ,

Thanks for your pull request.

mikemand commented 3 years ago

This is broken, FYI. Directives only receive a single argument that is translated to an array when the directive is run. I am working on a fix and will PR in a few minutes.