PolicyMutatedEvent¶

New in version 12.3

The PSR-14 event \TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent will be dispatched once all mutations have been applied to the current Content Security Policy object, just before the corresponding HTTP header is added to the HTTP response object. This allows individual adjustments for custom implementations.

Example¶

            EXT:my_extension/Classes/ContentSecurityPolicy/EventListener/MyEventListener.php
        

<?php

declare(strict_types=1);

namespace MyVendor\MyExtension\ContentSecurityPolicy\EventListener;

use TYPO3\CMS\Core\Attribute\AsEventListener;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;

#[AsEventListener(
    identifier: 'my-extension/mutate-policy',
)]
final readonly class MyEventListener
{
    public function __invoke(PolicyMutatedEvent $event): void
    {
        if ($event->scope->type->isFrontend()) {
            // In our example, only the backend policy should be adjusted
            return;
        }

        // Allow images from example.org
        $event->getCurrentPolicy()->extend(
            Directive::ImgSrc,
            new UriValue('https://example.org/'),
        );
    }
}

New in version 13.0

The PHP attribute \TYPO3\CMS\Core\Attribute\AsEventListener has been introduced to tag a PHP class as an event listener. Alternatively, or if you need to be compatible with older TYPO3 versions, you can also register an event listener via the Configuration/Services.yaml file. Switch to an older version of this page for an example or have a look at the section Implementing an event listener in your extension.

API¶

class \TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\ PolicyMutatedEvent¶

scope ¶

defaultPolicy ¶

isPropagationStopped ( ) ¶

returntype: bool

stopPropagation ( ) ¶

getCurrentPolicy ( ) ¶

returntype: TYPO3\CMS\Core\Security\ContentSecurityPolicy\Policy

setCurrentPolicy ( TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\Policy $currentPolicy) ¶

param TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\Policy $currentPolicy: the currentPolicy

getMutationCollections ( ) ¶

returntype: array

Returns:: list<MutationCollection>

setMutationCollections ( TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\MutationCollection $mutationCollections) ¶

param TYPO3\\CMS\\Core\\Security\\ContentSecurityPolicy\\MutationCollection $mutationCollections: the mutationCollections