Skip to content

Commit

Permalink
Incorrect namespace usage fix
Browse files Browse the repository at this point in the history 
Incorrect name was applied, this fix is to resolve that issue for the GoogleMaps fragment.

Additionally: 
Updated comment to reflect that some users may include GoogleMaps as a node package and not an inline script include. 

Thus the 'script-src' directive needs to be updated to include 'https://maps.google.com` URI to allow for Googles CSP validation test ( 'https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true'), this is called before GoogleMaps will actually load.
  • Loading branch information
@jareddreyerss @adrhumphreys
jareddreyerss authored and adrhumphreys committed Nov 16, 2021
1 parent ec36aa8 commit 3fde500
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions src/Fragments/GoogleMaps.php
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,15 @@
<?php

namespace App\ContentSecurity\Fragments;
namespace Silverstripe\CSP\Fragments;

use Silverstripe\CSP\Directive;
use Silverstripe\CSP\Fragments\Fragment;
use Silverstripe\CSP\Policies\Policy;

/*
* Allows execution of Google Maps API related resources
* Nonce on the https://maps.google.com/maps/api/js URL is required before using this fragment.
* Depending on how you include GoogleMaps API you will need either:
* - inline script: requires nonce.
* - node package in build-chain via dynamic calls: whitelist 'https://maps.google.com' via 'script-src' directive.
*
* https://content-security-policy.com/examples/google-maps/
*/
Expand Down

0 comments on commit 3fde500

Please sign in to comment.