Attention
TYPO3 v12 has reached end-of-life as of April 30th 2026 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.
Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v12 here: TYPO3 ELTS.
PolicyMutatedEvent
New in version 12.3
The PSR-14 event
\TYPO3\
will be dispatched once all mutations have been applied to the current
Content Security Policy object, just before the
corresponding HTTP header is added to the HTTP response object. This allows
individual adjustments for custom implementations.
Example
Registration of the event listener in the extension's Services.:
services:
# Place here the default dependency injection configuration
MyVendor\MyExtension\ContentSecurityPolicy\EventListener\MyEventListener:
tags:
- name: event.listener
identifier: 'my-extension/mutate-policy'
Read how to configure dependency injection in extensions.
The corresponding event listener class:
<?php
declare(strict_types=1);
namespace MyVendor\MyExtension\ContentSecurityPolicy\EventListener;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
final class MyEventListener
{
public function __invoke(PolicyMutatedEvent $event): void
{
if ($event->scope->type->isFrontend()) {
// In our example, only the backend policy should be adjusted
return;
}
// Allow images from example.org
$event->getCurrentPolicy()->extend(
Directive::ImgSrc,
new UriValue('https://example.org/'),
);
}
}