Security Policy violation in v12.4

[ste101]

After enabling 'Security: backend enforce content security policy' the browser console shows an error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-hZ9wyV6mnjrpPd6ozVOvYLbp6iINP-M6PHEYsu8P01PrEz57DDXHqw' 'report-sample'". Either the 'unsafe-inline' keyword, a hash ('sha256-0X2iein9ND1TcikMOT8afvZuD14Bks0cMBKpkRhcY1I='), or a nonce ('nonce-...') is required to enable inline execution.

[websi]

I think

Yoast-SEO-for-TYPO3/Classes/Hooks/BackendYoastConfig.php

Line 25 in 378cb2e

$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render());

should be changed to

-$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render());
+$pObject->addJsInlineCode('yoast-json-config', $jsonConfigUtility->render(), true, false, true);

[RinyVT]

@ste101 @websi
I just opened a pull request with 2 fixes, would you be able to test this? 😄

[ste101]

Now it is working, thanks 👍

[websi]

Yes, with these changes it is working

[websi]

#535 is not merged yet.