Closed marcoczen closed 2 months ago
You want RichRenderer::$js_nonce and RichRenderer::$css_nonce. I'm considering moving them to AbstractRenderer in the next major version.
Due to the way kint works nonce-based CSP is all we can do, but you could take the JS and CSS from the resources/compiled/ folder if you wanted to serve them yourself
Hi jnvsor,
Due to the way kint works nonce-based CSP is all we can do,
I understand.
You want RichRenderer::$js_nonce and RichRenderer::$css_nonce.
Hehehe... I am too dumb to understand how to get that or to put that into my page headers via php programmatically.
I'm considering moving them to AbstractRenderer in the next major version.
Noted.
Thanks.
p.s - One of the GREAT things about kint is that it's just one phar file and boom - magic happens! I have used kint since v3 ... just blown away by it ..... Thanks once again
You simply set Kint\Renderer\RichRenderer::$js_nonce to whatever your csp nonce is - the csp nonce is set in script-src. You can have multiple script-src values too, consider using a generator if it gets complicated.
So for instance if you set your CSP script-src to 'self' 'nonce-IAMSUPPOSEDTOBERANDOM' and Kint\Renderer\RichRenderer::$js_nonce = "IAMSUPPOSEDTOBERANDOM"; it should work (And the same for style if you're using it of course)
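The setup described in the comment above, written out as an added example that is not part of the original thread or Kint's own code. It assumes kint.phar sits beside the script; make_csp_nonce() and build_csp() are hypothetical helper names, and the policy is a constructed sample.

```php
<?php
// Added example (not Kint's own code): per-request CSP nonce shared with Kint.
declare(strict_types=1);

use Kint\Renderer\RichRenderer;

// Assumption: kint.phar is in the same directory as this script.
require __DIR__ . '/kint.phar';

/** Fresh, unpredictable nonce for this response only (128 bits, base64). */
function make_csp_nonce(): string
{
    return base64_encode(random_bytes(16));
}

/** Constructed sample policy: script-src and style-src carry the same nonce. */
function build_csp(string $nonce): string
{
    return implode('; ', [
        "script-src 'self' 'nonce-{$nonce}'",
        "style-src 'self' 'nonce-{$nonce}'",
    ]);
}

$nonce = make_csp_nonce();

// header() must run before any output is sent. If the web server or a
// framework also sends a Content-Security-Policy header, the browser
// enforces every policy it receives, so that one needs the nonce too.
header('Content-Security-Policy: ' . build_csp($nonce));

// Give Kint the same value so its <script> and <style> tags carry it.
RichRenderer::$js_nonce = $nonce;
RichRenderer::$css_nonce = $nonce;

// The header holds 'nonce-<value>'; the Kint properties hold <value> only.
d($_SERVER['REQUEST_METHOD'] ?? 'cli');
```

A nonce covers script and style elements, not inline style attributes or event-handler attributes, and it has to be regenerated for every response rather than hard-coded.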
Hi. I will test and revert . Thanks.
Update - The steps above were rejected by the Chrome browser. (I did something wrong?) Kint output was just plain black text. No white background etc.
Instead the browser console suggested two hashes - which I added into script-src and style-src.
All Good now !!!
No need for unsafe-inline anymore.
Thanks !!!
Guys,
Any way we can make Kint play nice with CSP? Currently when I am using Kint, I add 'unsafe-inline' to my script-src, style-src. Pls do consider.
p.s. Kint - Best php debugger ever !!!!