Merge branch 'ACP2E-3308' of https://github.com/adobe-commerce-tier-4/magento2ce into Tier4-09-12-2024

thiaramus · thiaramus · commit 92c8c57891c7 · 2024-09-13T09:15:02.000-05:00
diff --git a/app/code/Magento/Csp/ViewModel/NonceProvider.php b/app/code/Magento/Csp/ViewModel/NonceProvider.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\ViewModel;
+
+use Magento\Csp\Helper\CspNonceProvider;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\View\Element\Block\ArgumentInterface;
+
+/**
+ * This class provides a nonce for the Content Security Policy (CSP) header.
+ */
+class NonceProvider implements ArgumentInterface
+{
+    /**
+     * @var CspNonceProvider
+     */
+    private $cspNonceProvider;
+
+    /**
+     * @param CspNonceProvider $cspNonceProvider
+     */
+    public function __construct(
+        CspNonceProvider $cspNonceProvider,
+    ) {
+        $this->cspNonceProvider = $cspNonceProvider;
+    }
+
+    /**
+     * Returns a nonce for the Content Security Policy (CSP) header.
+     *
+     * @return string
+     * @throws LocalizedException
+     */
+    public function getNonce(): string
+    {
+        return $this->cspNonceProvider->generateNonce();
+    }
+}
diff --git a/app/code/Magento/Csp/view/base/requirejs-config.js b/app/code/Magento/Csp/view/base/requirejs-config.js
@@ -0,0 +1,12 @@
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+
+var config = {
+    map: {
+        '*': {
+            'nonceInjector': 'Magento_Csp/js/nonce-injector'
+        }
+    }
+};
diff --git a/app/code/Magento/Csp/view/base/templates/nonce/nonce.phtml b/app/code/Magento/Csp/view/base/templates/nonce/nonce.phtml
@@ -0,0 +1,22 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+
+/**
+ * @var \Magento\Framework\Escaper $escaper
+ */
+
+$nonceProvider = $block->getNonceProvider();
+
+?>
+<script type="text/x-magento-init">
+    {
+        "*": {
+            "nonceInjector": {
+                "nonce": "<?= $escaper->escapeJs($nonceProvider->getNonce()); ?>"
+        }
+    }
+}
+</script>
diff --git a/app/code/Magento/Csp/view/base/web/js/nonce-injector.js b/app/code/Magento/Csp/view/base/web/js/nonce-injector.js
@@ -0,0 +1,12 @@
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+
+define('Magento_Csp/js/nonce-injector', [], function () {
+    'use strict';
+
+    return function (config) {
+        window.cspNonce = config.nonce;
+    };
+});
