PolicyMutatedEvent

New in version 12.3

The PSR-14 event \TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent will be dispatched once all mutations have been applied to the current Content Security Policy object, just before the corresponding HTTP header is added to the HTTP response object. This allows individual adjustments for custom implementations.

Example

Registration of the event listener in the extension's Services.yaml:

EXT:my_extension/Configuration/Services.yaml 
services:
  # Place here the default dependency injection configuration

  MyVendor\MyExtension\ContentSecurityPolicy\EventListener\MyEventListener:
    tags:
      - name: event.listener
        identifier: 'my-extension/mutate-policy'
Copied!

Read how to configure dependency injection in extensions.

The corresponding event listener class:

EXT:my_extension/Classes/ContentSecurityPolicy/EventListener/MyEventListener.php 
<?php

declare(strict_types=1);

namespace MyVendor\MyExtension\ContentSecurityPolicy\EventListener;

use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;

final class MyEventListener
{
    public function __invoke(PolicyMutatedEvent $event): void
    {
        if ($event->scope->type->isFrontend()) {
            // In our example, only the backend policy should be adjusted
            return;
        }

        // Allow images from example.org
        $event->getCurrentPolicy()->extend(
            Directive::ImgSrc,
            new UriValue('https://example.org/'),
        );
    }
}
Copied!

API

class \TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\ PolicyMutatedEvent
scope
defaultPolicy
isPropagationStopped ( )
returntype

bool

stopPropagation ( )
getCurrentPolicy ( )
returntype

TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy

setCurrentPolicy ( TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\Policy $currentPolicy)
param TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\Policy $currentPolicy

the currentPolicy

getMutationCollections ( )
returntype

array

Returns:

list<MutationCollection>

setMutationCollections ( TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\MutationCollection $mutationCollections)
param TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\MutationCollection $mutationCollections

the mutationCollections