
Vulnerability related to nonces in scripts used with the Sec-Header_XH header #2

Description

@olape-git

Add to index.php

// for security headers
$hifb_nonce = '';
if (function_exists('sh_cspHeaderNonce')) {
    $hifb_nonce = ' nonce="' . sh_cspHeaderNonce() . '"';
}

'<script type="text/javascript">

to:

<script' . $hifb_nonce . '>

Same here:

'<script type="text/javascript">
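The change requested above, as an added example that is not part of the issue or the plugin's own code: one helper builds inline `<script>` elements with the Sec-Header_XH nonce, and a second lists any inline script tags in generated markup that still lack one. The names `hifb_scriptTag()` and `hifb_findUnnoncedInlineScripts()` are hypothetical, and the stand-in for `sh_cspHeaderNonce()` assumes it returns a single nonce per request.

```php
<?php
// Added example. hifb_scriptTag() and hifb_findUnnoncedInlineScripts()
// are hypothetical helper names, not functions of the plugin.

/** Build an inline <script> element, adding the CSP nonce when Sec-Header_XH is active. */
function hifb_scriptTag(string $js): string
{
    $attr = '';
    if (function_exists('sh_cspHeaderNonce')) {
        // Escape defensively: the value is placed inside an HTML attribute.
        $attr = ' nonce="' . htmlspecialchars(sh_cspHeaderNonce(), ENT_QUOTES, 'UTF-8') . '"';
    }
    return '<script' . $attr . '>' . $js . '</script>';
}

/** Return every <script> opening tag in $html that has neither src nor nonce. */
function hifb_findUnnoncedInlineScripts(string $html): array
{
    $missing = [];
    preg_match_all('/<script\b[^>]*>/i', $html, $tags);
    foreach ($tags[0] as $tag) {
        $external = preg_match('/\ssrc\s*=/i', $tag) === 1;
        $nonced = preg_match('/\snonce\s*=\s*["\'][^"\']+["\']/i', $tag) === 1;
        if (!$external && !$nonced) {
            $missing[] = $tag; // would be blocked by a nonce-based script-src policy
        }
    }
    return $missing;
}

// Constructed stand-in so the example runs without Sec-Header_XH installed.
// Assumption: the real function returns the same nonce for the whole request.
if (!function_exists('sh_cspHeaderNonce')) {
    function sh_cspHeaderNonce(): string
    {
        static $nonce = null;
        return $nonce ??= base64_encode(random_bytes(16));
    }
}

// Constructed sample output: one tag still in the old form, one converted.
$html = '<script type="text/javascript">var a = 1;</script>'
      . hifb_scriptTag('var b = 2;');

// Report the inline scripts that still need the nonce attribute.
print_r(hifb_findUnnoncedInlineScripts($html));
```

Running the audit function over the plugin's rendered output is a quick way to find remaining spots such as the second `<script type="text/javascript">` mentioned above.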
