magento
diff --git a/‎.editorconfig
Lines changed: 1 addition & 1 deletion b/‎.editorconfig
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/AdminAnalytics/Test/Mftf/class-file-naming-allowlist
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/AdminAnalytics/Test/Mftf/class-file-naming-allowlist
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/AdminAnalytics/ViewModel/Metadata.php
Lines changed: 29 additions & 1 deletion b/‎app/code/Magento/AdminAnalytics/ViewModel/Metadata.php
Lines changed: 29 additions & 1 deletion
diff --git a/‎app/code/Magento/AdminAnalytics/composer.json
Lines changed: 2 additions & 1 deletion b/‎app/code/Magento/AdminAnalytics/composer.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/code/Magento/AdminAnalytics/view/adminhtml/templates/tracking.phtml
Lines changed: 17 additions & 9 deletions b/‎app/code/Magento/AdminAnalytics/view/adminhtml/templates/tracking.phtml
Lines changed: 17 additions & 9 deletions
diff --git a/‎app/code/Magento/AdminNotification/Test/Mftf/ActionGroup/AdminSystemMessagesActionGroup.xml renamed to ‎app/code/Magento/AdminNotification/Test/Mftf/ActionGroup/AdminSystemMessagesWarningActionGroup.xml b/‎app/code/Magento/AdminNotification/Test/Mftf/ActionGroup/AdminSystemMessagesActionGroup.xml renamed to ‎app/code/Magento/AdminNotification/Test/Mftf/ActionGroup/AdminSystemMessagesWarningActionGroup.xml
diff --git a/‎app/code/Magento/AdminNotification/Test/Unit/Block/Grid/Renderer/SeverityTest.php
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/AdminNotification/Test/Unit/Block/Grid/Renderer/SeverityTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/AdminNotification/Test/Unit/Block/ToolbarEntryTest.php
Lines changed: 25 additions & 0 deletions b/‎app/code/Magento/AdminNotification/Test/Unit/Block/ToolbarEntryTest.php
Lines changed: 25 additions & 0 deletions
diff --git a/‎app/code/Magento/AdminNotification/Test/Unit/Observer/PredispatchAdminActionControllerObserverTest.php
Lines changed: 3 additions & 3 deletions b/‎app/code/Magento/AdminNotification/Test/Unit/Observer/PredispatchAdminActionControllerObserverTest.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/code/Magento/AdvancedPricingImportExport/Test/Unit/Model/Export/AdvancedPricingTest.php
Lines changed: 5 additions & 2 deletions b/‎app/code/Magento/AdvancedPricingImportExport/Test/Unit/Model/Export/AdvancedPricingTest.php
Lines changed: 5 additions & 2 deletions
@@ -14,7 +14,7 @@ trim_trailing_whitespace = false
 [*.{yml,yaml,json}]
 indent_size = 2
 
-[{composer, auth}.json]
+[{composer,auth}.json]
 indent_size = 4
 
 [db_schema_whitelist.json]
 
@@ -0,0 +1,2 @@
+CloseAllDialogBoxes
+SelectAdminUsageSetting
@@ -9,7 +9,9 @@
 namespace Magento\AdminAnalytics\ViewModel;
 
 use Magento\Config\Model\Config\Backend\Admin\Custom;
+use Magento\Csp\Helper\CspNonceProvider;
 use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\ProductMetadataInterface;
 use Magento\Backend\Model\Auth\Session;
 use Magento\Framework\App\State;
@@ -21,6 +23,11 @@
  */
 class Metadata implements ArgumentInterface
 {
+    /**
+     * @var string
+     */
+    private $nonce;
+
     /**
      * @var State
      */
@@ -41,22 +48,33 @@ class Metadata implements ArgumentInterface
      */
     private $config;
 
+    /**
+     * @var CspNonceProvider
+     */
+    private $nonceProvider;
+
     /**
      * @param ProductMetadataInterface $productMetadata
      * @param Session $authSession
      * @param State $appState
      * @param ScopeConfigInterface $config
+     * @param CspNonceProvider|null $nonceProvider
      */
     public function __construct(
         ProductMetadataInterface $productMetadata,
         Session $authSession,
         State $appState,
-        ScopeConfigInterface $config
+        ScopeConfigInterface $config,
+        CspNonceProvider $nonceProvider = null
     ) {
         $this->productMetadata = $productMetadata;
         $this->authSession = $authSession;
         $this->appState = $appState;
         $this->config = $config;
+
+        $this->nonceProvider = $nonceProvider ?: ObjectManager::getInstance()->get(CspNonceProvider::class);
+
+        $this->nonce = $this->nonceProvider->generateNonce();
     }
 
     /**
@@ -156,4 +174,14 @@ public function getCurrentUserRoleName(): string
     {
         return $this->authSession->getUser()->getRole()->getRoleName();
     }
+
+    /**
+     * Get a random nonce for each request.
+     *
+     * @return string
+     */
+    public function getNonce(): string
+    {
+        return $this->nonce;
+    }
 }
@@ -11,7 +11,8 @@
         "magento/module-config": "*",
         "magento/module-store": "*",
         "magento/module-ui": "*",
-        "magento/module-release-notification": "*"
+        "magento/module-release-notification": "*",
+        "magento/module-csp": "*"
     },
     "type": "magento2-module",
     "license": [
 
@@ -6,6 +6,7 @@
 
 /**
  * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ * @var \Magento\Framework\Escaper $escaper
  */
 ?>
 
@@ -22,18 +23,25 @@
 <?php
 /** @var \Magento\AdminAnalytics\ViewModel\Metadata $metadata */
 $metadata = $block->getMetadata();
+$nonce = $escaper->escapeJs($metadata->getNonce());
 $scriptString = '
     var adminAnalyticsMetadata = {
-        "secure_base_url": "' . $block->escapeJs($metadata->getSecureBaseUrlForScope()) . '",
-        "version": "' . $block->escapeJs($metadata->getMagentoVersion()) . '",
-        "product_edition": "' . $block->escapeJs($metadata->getProductEdition()) . '",
-        "user": "' . $block->escapeJs($metadata->getCurrentUser()) . '",
-        "mode": "' . $block->escapeJs($metadata->getMode()) . '",
-        "store_name_default": "' . $block->escapeJs($metadata->getStoreNameForScope()) . '",
-        "admin_user_created": "' . $block->escapeJs($metadata->getCurrentUserCreatedDate()) . '",
-        "admin_user_logdate": "' . $block->escapeJs($metadata->getCurrentUserLogDate()) . '",
-        "admin_user_role_name": "' . $block->escapeJs($metadata->getCurrentUserRoleName()) . '"
+        "secure_base_url": "' . $escaper->escapeJs($metadata->getSecureBaseUrlForScope()) . '",
+        "version": "' . $escaper->escapeJs($metadata->getMagentoVersion()) . '",
+        "product_edition": "' . $escaper->escapeJs($metadata->getProductEdition()) . '",
+        "user": "' . $escaper->escapeJs($metadata->getCurrentUser()) . '",
+        "mode": "' . $escaper->escapeJs($metadata->getMode()) . '",
+        "store_name_default": "' . $escaper->escapeJs($metadata->getStoreNameForScope()) . '",
+        "admin_user_created": "' . $escaper->escapeJs($metadata->getCurrentUserCreatedDate()) . '",
+        "admin_user_logdate": "' . $escaper->escapeJs($metadata->getCurrentUserLogDate()) . '",
+        "admin_user_role_name": "' . $escaper->escapeJs($metadata->getCurrentUserRoleName()) . '"
     };
+
+    var digitalData = {
+        "nonce": "' . $nonce . '"
+    };
+
+    var cspNonce = "' . $nonce . '";
 ';
 ?>
 <?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false); ?>
@@ -46,7 +46,7 @@ public function testShouldRenderSeverity() : void
         /** @var Column|MockObject $columnMock */
         $columnMock = $this->getMockBuilder(Column::class)
             ->disableOriginalConstructor()
-            ->setMethods(['getIndex'])
+            ->addMethods(['getIndex'])
             ->getMock();
         $columnMock->expects($this->exactly(5))->method('getIndex')->willReturn('index');
         $this->sut->setColumn($columnMock);
 
@@ -12,6 +12,8 @@
 
 use Magento\AdminNotification\Block\ToolbarEntry;
 use Magento\AdminNotification\Model\ResourceModel\Inbox\Collection\Unread;
+use Magento\Directory\Helper\Data as DirectoryHelper;
+use Magento\Framework\Json\Helper\Data as JsonHelper;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use PHPUnit\Framework\TestCase;
 
@@ -26,6 +28,17 @@ class ToolbarEntryTest extends TestCase
     protected function _getBlockInstance($unreadNotifications)
     {
         $objectManagerHelper = new ObjectManager($this);
+        $objects = [
+            [
+                JsonHelper::class,
+                $this->createMock(JsonHelper::class)
+            ],
+            [
+                DirectoryHelper::class,
+                $this->createMock(DirectoryHelper::class)
+            ]
+        ];
+        $objectManagerHelper->prepareObjectManager($objects);
         // mock collection of unread notifications
         $notificationList = $this->createPartialMock(
             Unread::class,
@@ -52,6 +65,18 @@ public function testGetLatestUnreadNotifications()
     {
         $helper = new ObjectManager($this);
 
+        $objects = [
+            [
+                JsonHelper::class,
+                $this->createMock(JsonHelper::class)
+            ],
+            [
+                DirectoryHelper::class,
+                $this->createMock(DirectoryHelper::class)
+            ]
+        ];
+        $helper->prepareObjectManager($objects);
+
         // 1. Create mocks
         $notificationList = $this->createMock(Unread::class);
 
 
@@ -68,17 +68,17 @@ protected function setUp(): void
 
         $this->backendAuthSessionMock = $this->getMockBuilder(Session::class)
             ->disableOriginalConstructor()
-            ->setMethods(['isLoggedIn'])
+            ->onlyMethods(['isLoggedIn'])
             ->getMock();
 
         $this->feedMock = $this->getMockBuilder(Feed::class)
             ->disableOriginalConstructor()
-            ->setMethods(['checkUpdate'])
+            ->onlyMethods(['checkUpdate'])
             ->getMock();
 
         $this->feedFactoryMock = $this->getMockBuilder(FeedFactory::class)
             ->disableOriginalConstructor()
-            ->setMethods(['create'])
+            ->onlyMethods(['create'])
             ->getMock();
 
         $this->observer = $this->objectManager->getObject(
 
@@ -225,13 +225,15 @@ protected function setUp(): void
             'initWebsites',
             'initCategories'
         ];
+        $mockAddMethods = [
+            '_headerColumns'
+        ];
         $mockMethods = array_merge($constructorMethods, [
             '_customHeadersMapping',
             '_prepareEntityCollection',
             '_getEntityCollection',
             'getWriter',
             'getExportData',
-            '_headerColumns',
             '_customFieldsMapping',
             'getItemsPerPage',
             'paginateCollection',
@@ -243,7 +245,8 @@ protected function setUp(): void
         $this->advancedPricing = $this->getMockBuilder(
             AdvancedPricing::class
         )
-            ->setMethods($mockMethods)
+            ->addMethods($mockAddMethods)
+            ->onlyMethods($mockMethods)
             ->disableOriginalConstructor()
             ->getMock();
         foreach ($constructorMethods as $method) {
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+CloseAllDialogBoxes`
	`2`	`+SelectAdminUsageSetting`