PolicyMutatedEvent
New in version 12.3
The PSR-14 event
\TYPO3\
will be dispatched once all mutations have been applied to the current
Content Security Policy object, just before the
corresponding HTTP header is added to the HTTP response object. This allows
individual adjustments for custom implementations.
Example
Registration of the event listener in the extension's Services.
:
EXT:my_extension/Configuration/Services.yaml
services:
# Place here the default dependency injection configuration
MyVendor\MyExtension\ContentSecurityPolicy\EventListener\MyEventListener:
tags:
- name: event.listener
identifier: 'my-extension/mutate-policy'
Read how to configure dependency injection in extensions.
The corresponding event listener class:
EXT:my_extension/Classes/ContentSecurityPolicy/EventListener/MyEventListener.php
<?php
declare(strict_types=1);
namespace MyVendor\MyExtension\ContentSecurityPolicy\EventListener;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
final class MyEventListener
{
public function __invoke(PolicyMutatedEvent $event): void
{
if ($event->scope->type->isFrontend()) {
// In our example, only the backend policy should be adjusted
return;
}
// Allow images from example.org
$event->getCurrentPolicy()->extend(
Directive::ImgSrc,
new UriValue('https://example.org/'),
);
}
}