fix: Hardcoded CSP Nonce Tags in ResponseTrait #9937

Merged
paulbalandan merged 15 commits into codeigniter4:develop from patel-vansh:fix/hardcoded-csp-tags
Feb 15, 2026

@patel-vansh
Contributor

Description
This PR fixes #9935.

Created one method in system/HTTP/ContentSecurityPolicy.php to clear all nonce placeholders.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@michalsn added the "bug" label (Verified issues on the current code behavior or pull requests that will fix them) Feb 8, 2026
Member

@paulbalandan left a comment

The tests don't make sense. You should be testing instead the behavior when the response is sent when CSP is not enabled.

Co-authored-by: John Paul E. Balandan, CPA <paulbalandan@gmail.com>
@patel-vansh force-pushed the fix/hardcoded-csp-tags branch from 97b1297 to 65b1a04 February 10, 2026 04:50
@michalsn
Member

@patel-vansh Please rebase to resolve conflicts.

@patel-vansh
Contributor Author

@michalsn Done.

Member

@paulbalandan left a comment

Thanks a lot!

Member

@michalsn left a comment

Thank you!

@paulbalandan merged commit 615ef4d into codeigniter4:develop Feb 15, 2026
50 checks passed
@paulbalandan
Member

Thank you, @patel-vansh

Labels

bug Verified issues on the current code behavior or pull requests that will fix them

Development

Successfully merging this pull request may close these issues.

Bug: Hardcoded CSP Nonce Tags in ResponseTrait

3 participants