fixup! use wp_headers filter; use random bytes for nonce

timmywil · timmywil · commit 26cacf0248be · 2024-08-24T11:04:45.000-04:00
diff --git a/themes/jquery/functions.php b/themes/jquery/functions.php
@@ -255,8 +255,8 @@ function jq_image_posted_on() {
 /**
  * Content Security Policy
  */
-function jq_content_security_policy() {
-	$nonce = wp_create_nonce( JQUERY_LIVE_SITE );
+function jq_content_security_policy( $headers ) {
+	$nonce = bin2hex( random_bytes( 8 ) );
 	$policy = array(
 		'default-src' => "'self'",
 		'script-src' => "'self' 'nonce-$nonce' code.jquery.com",
@@ -285,5 +285,9 @@ function jq_content_security_policy() {
 		$policy_string .= $key . ' ' . $value . '; ';
 	}
 
-	header( 'Content-Security-Policy-Report-Only: ' . $policy_string );
+	$headers[] = 'Content-Security-Policy: ' . $policy_string;
+
+	return $headers;
 }
+
+add_filter( 'wp_headers', 'jq_content_security_policy' );
diff --git a/themes/jquery/header.php b/themes/jquery/header.php
@@ -1,4 +1,3 @@
-<?php jq_content_security_policy() ?>
 <!doctype html>
 <html class="no-js" <?php language_attributes(); ?>>
 <head>

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-<?php jq_content_security_policy() ?>`
`2`	`1`	`<!doctype html>`
`3`	`2`	`<html class="no-js" <?php language_attributes(); ?>>`
`4`	`3`	`<head>`