How can I use spatie/laravel-responsecache with spatie/laravel-csp nonce together. #440

onurakman · 2023-05-10T13:32:22Z

onurakman
May 10, 2023

How can I use spatie/laravel-responsecache with spatie/laravel-csp together. I will be glad if you help.

Jun 1, 2023

If your issue is you're concerned with the nonce being the same for all cached responses then I created a replacer class you add to your responsecache.php config file.

<?php declare(strict_types = 1);

namespace App\Csp;

use Spatie\ResponseCache\Replacers\Replacer;
use Symfony\Component\HttpFoundation\Response;

class NonceTokenReplacer implements Replacer
{
    protected string $replacementString = '<laravel-responsecache-cspnonce-token-here>';

    public function prepareResponseToCache(Response $response): void
    {
        $csp_header_name = 'content-security-policy';
        $csp_header = $response->headers->get($csp_header_name);
        if (!$csp_header) {
            $csp_header…

View full answer

uintaam · 2023-06-01T03:38:16Z

uintaam
Jun 1, 2023

If your issue is you're concerned with the nonce being the same for all cached responses then I created a replacer class you add to your responsecache.php config file.

<?php declare(strict_types = 1);

namespace App\Csp;

use Spatie\ResponseCache\Replacers\Replacer;
use Symfony\Component\HttpFoundation\Response;

class NonceTokenReplacer implements Replacer
{
    protected string $replacementString = '<laravel-responsecache-cspnonce-token-here>';

    public function prepareResponseToCache(Response $response): void
    {
        $csp_header_name = 'content-security-policy';
        $csp_header = $response->headers->get($csp_header_name);
        if (!$csp_header) {
            $csp_header_name = 'content-security-policy-report-only';
            $csp_header = $response->headers->get($csp_header_name);
        }

        if (! $csp_header || ! $response->getContent()) {
            return;
        }

        $response->headers->replace([$csp_header_name => str_replace(
            csp_nonce(),
            $this->replacementString,
            $csp_header
        )]);

        $response->setContent(str_replace(
            csp_nonce(),
            $this->replacementString,
            $response->getContent()
        ));
    }

    public function replaceInCachedResponse(Response $response): void
    {
        $csp_header_name = 'content-security-policy';
        $csp_header = $response->headers->get($csp_header_name);
        if (!$csp_header) {
            $csp_header_name = 'content-security-policy-report-only';
            $csp_header = $response->headers->get($csp_header_name);
        }

        if (! $csp_header || ! $response->getContent()) {
            return;
        }

        $response->headers->replace([$csp_header_name => str_replace(
            $this->replacementString,
            csp_nonce(),
            $csp_header
        )]);

        $response->setContent(str_replace(
            $this->replacementString,
            csp_nonce(),
            $response->getContent()
        ));
    }
}

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How can I use spatie/laravel-responsecache with spatie/laravel-csp nonce together. #440

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

How can I use spatie/laravel-responsecache with spatie/laravel-csp nonce together. #440

onurakman May 10, 2023

Replies: 1 comment

uintaam Jun 1, 2023

onurakman
May 10, 2023

uintaam
Jun 1, 2023