Commit graph

2 commits

Author SHA1 Message Date
Claude
8a21996add
security: add CSP nonce attributes to inline scripts and styles
Added @cspnonce to all inline <script> and <style> tags in layout,
explorer, and register views. Enabled nonce generation in headers
config. unsafe-inline kept as fallback. Nonces will activate after
container restart when the Headers Boot registers the Blade directive.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 10:22:38 +01:00

Claude
45ad7f3858
fix: publish CSP config with unsafe-inline for inline styles/scripts
The $event->routes() pattern applies SecurityHeaders middleware which
sets CSP. Inline <style> and <script> tags in Blade views need
unsafe-inline to render. Published config from framework with fix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 09:22:04 +01:00