update for CSP

(cherry picked from commit ef4442e49ec314e9df8612b1c45f530a6858d69f)
JaJuMa-GmbH · Dec 31, 2024 · 4481b44 · 4481b44
1 parent ffd4fa7
commit 4481b44
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 7 deletions.
diff --git a/Block/PowerToys.php b/Block/PowerToys.php
@@ -177,4 +177,9 @@ public function isAdmin() {
         $areaCode = $this->_state->getAreaCode();
         return $areaCode == \Magento\Framework\App\Area::AREA_ADMINHTML;
     }
+
+    public function getNonce()
+    {
+        return $this->helper->getNonce();
+    }
 }
diff --git a/Helper/Data.php b/Helper/Data.php
@@ -20,7 +20,8 @@
 use Magento\Framework\Math\Random;
 use Magento\Store\Model\ScopeInterface;
 use Magento\Store\Model\StoreManagerInterface;
-
+use Magento\Framework\ObjectManagerInterface;
+use ReflectionException;
 /**
  * Class Data
  * @package Jajuma\PowerToys\Helper
@@ -53,6 +54,8 @@ class Data extends AbstractHelper
 
     private $configCollection;
 
+    private $objectManager;
+
     /**
      * Data constructor.
      * @param Context $context
@@ -61,21 +64,24 @@ class Data extends AbstractHelper
      * @param Config $powerToyConfig
      * @param WriterInterface $configWriter
      * @param CollectionFactory $configCollection
+     * @param ObjectManagerInterface $objectManager
      */
     public function __construct(
         Context $context,
         StoreManagerInterface $storeManager,
         Auth $powerToysAuth,
         Config $powerToyConfig,
         WriterInterface $configWriter,
-        CollectionFactory $configCollection
+        CollectionFactory $configCollection,
+        ObjectManagerInterface $objectManager
     ) {
         parent::__construct($context);
         $this->storeManager = $storeManager;
         $this->powerToysAuth = $powerToysAuth;
         $this->powerToyConfig = $powerToyConfig;
         $this->configWriter = $configWriter;
         $this->configCollection = $configCollection;
+        $this->objectManager = $objectManager;
     }
 
     /**
@@ -270,4 +276,14 @@ public function loadComponentSortOrderConfig(string $type): ?string {
         }
     }
 
+    public function getNonce()
+    {
+        try {
+            $cspNonceProvider = $this->objectManager->get(\Magento\Csp\Helper\CspNonceProvider::class);
+        } catch (ReflectionException $reflectionException) {
+            return '';
+        }
+        return $cspNonceProvider->generateNonce();
+    }
+
 }
diff --git a/view/base/templates/bookmark_bar.phtml b/view/base/templates/bookmark_bar.phtml
@@ -17,6 +17,7 @@ use Jajuma\PowerToys\ViewModel\HeroiconsOutline;
 $heroicons = $block->getHeroIconsOutline();
 $magewire = $block->getMagewire();
 $files = $magewire->getFileIcons();
+$nonce = $block->getNonce();
 ?>
 
 <div>
@@ -124,7 +125,7 @@ $files = $magewire->getFileIcons();
         </div>
     </div>
 
-    <script>
+    <script <?= $nonce ? 'nonce="' . $nonce . '"' : '' ?>>
         var listIcon = document.querySelectorAll('#powertoys-bookmark-modal .bookmark-icon-item');
         const powerToyBookMarkPopupModal = document.querySelector('#powertoys-bookmark-modal .powertoys-modal');
         var inputBookmarkName = document.querySelector("input[name='bookmark_name']");

diff --git a/view/base/templates/powertoys.phtml b/view/base/templates/powertoys.phtml
@@ -24,10 +24,11 @@ $quickActionBlocks = null;
 if ($block->isEnabledQuickAction()) {
     $quickActionBlocks = $block->getBlocks('quickaction');
 }
+$nonce = $block->getNonce();
 ?>
 
 <?php if ($block->isAdmin()): ?>
-<script>
+<script <?= $nonce ? 'nonce="' . $nonce . '"' : '' ?>>
     localStorage.setItem("admin_url", "<?= $block->getUrl('jajuma_powertoys/session/check') ?>");
 </script>
 <?php endif ?>
@@ -269,7 +270,7 @@ if ($block->isEnabledQuickAction()) {
     </div>
 <?php endif; ?>
 
-<script>
+<script <?= $nonce ? 'nonce="' . $nonce . '"' : '' ?>>
     //Sort mode flag
     var editmode = false;
     var actionList = document.querySelector("[powertoys-content] .powertoys-actions .powertoys-actions-list");

diff --git a/view/frontend/templates/magewire.phtml b/view/frontend/templates/magewire.phtml
@@ -11,9 +11,11 @@ use Magento\Framework\View\Element\Template;
 use Magewirephp\Magewire\ViewModel\Magewire;
 
 $magewireScripts = $block->getViewModel();
+$powerToysHelper = $this->helper(\Jajuma\PowerToys\Helper\Data::class);
+$nonce = $powerToysHelper->getNonce();
 ?>
 
-<script>
+<script <?= $nonce ? 'nonce="' . $nonce . '"' : '' ?>>
     window.magewire = new Livewire();
     window.Livewire = window.magewire
     window.Magewire = window.magewire

diff --git a/view/frontend/templates/powertoys_loader.phtml b/view/frontend/templates/powertoys_loader.phtml
@@ -15,10 +15,12 @@ use Magento\Framework\View\Element\Template;
 
 $urlLoader = $escaper->escapeUrl($block->getUrl('jajuma_powertoys/html/render'));
 $livewireScriptUrl = $escaper->escapeUrl($block->getViewFileUrl('Magewirephp_Magewire::js/livewire.js'));
+$powerToysHelper = $this->helper(\Jajuma\PowerToys\Helper\Data::class);
+$nonce = $powerToysHelper->getNonce();
 ?>
 <div powertoys-loader></div>
 
-<script>
+<script <?= $nonce ? 'nonce="' . $nonce . '"' : '' ?>>
     document.addEventListener("DOMContentLoaded", async (event) => {
         //Script Loader
         var getScript = url => new Promise((resolve, reject) => {