PolicyMutatedEvent
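The PSR-14 event
\TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent
is dispatched once all mutations have been applied to the current
Content Security Policy object, just before the
corresponding HTTP header is added to the HTTP response object. This allows
individual adjustments for custom implementations. Because listeners run after
all other mutations, whatever they add ends up in the policy that is sent, so
any additional source should be kept as narrow as possible.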
Example
EXT:my_extension/Classes/ContentSecurityPolicy/EventListener/MyEventListener.php
<?php
declare(strict_types=1);
namespace MyVendor\MyExtension\ContentSecurityPolicy\EventListener;
use TYPO3\CMS\Core\Attribute\AsEventListener;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
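/**
 * Example listener for PolicyMutatedEvent that extends the img-src directive
 * of the current Content Security Policy and skips frontend scopes.
 *
 * The event is dispatched after all mutations have been applied, so a source
 * added here ends up in the policy that is sent with the response. Keep the
 * allowed URI as narrow as the use case permits.
 */
#[AsEventListener(
    identifier: 'my-extension/mutate-policy',
)]
final readonly class MyEventListener
{
    /**
     * Adds https://example.org/ as an allowed image source.
     *
     * @param PolicyMutatedEvent $event Carries the scope and the current policy
     */
    public function __invoke(PolicyMutatedEvent $event): void
    {
        if ($event->scope->type->isFrontend()) {
            // In our example, only the backend policy should be adjusted
            return;
        }

        // Allow images from example.org.
        // extend() returns the extended policy instead of changing the current
        // one in place, so the result has to be handed back to the event;
        // without setCurrentPolicy() the adjustment is silently dropped.
        $event->setCurrentPolicy(
            $event->getCurrentPolicy()->extend(
                Directive::ImgSrc,
                new UriValue('https://example.org/'),
            ),
        );
    }
}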