bepsvpt/secure-headers

Laravel Horizon not loading UI

incoming-th opened this issue · 2 comments

Hi,

When setting script-src unsafe-inline and unsafe-inline to false (for security), this disable the Laravel Horizon UI:

image
image

As the config is cached we cannot do condition to change this unsafe-inline and unsafe-inline on the fly during page load.

Is there a tip on this or I am missing something?

Thanks

To change the config dynamically, you just need to call the config function.

For example,

// get current sha256 hashes for script-src
$hashes = config('secure-headers.csp.script-src.hashes.sha256');

// add another hash value
$hashes[] = 'some-hash-value';

// update the config
config(['secure-headers.csp.script-src.hashes.sha256' => $hashes]);

@bepsvpt That is actually a good tip, thanks for this and for this package too.

For more info: https://laravel.com/docs/5.8/configuration#accessing-configuration-values