From 98e1a5610fb6ce7f13f1a112a52737b06c0c9d36 Mon Sep 17 00:00:00 2001
From: Roman Zimmermann
Date: Thu, 12 Dec 2024 15:45:07 +0100
Subject: [PATCH] feat: Remove nonce value if 'unsafe-inline' is added
---
 d7csp.module | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/d7csp.module b/d7csp.module
index 5d29bdb..900e30b 100644
--- a/d7csp.module
+++ b/d7csp.module
@@ -82,6 +82,11 @@ function d7csp_seckit_options_alter(array &$options) {
 if ($directive != 'default-src') {
 $hosts[$directive] = array_merge($hosts['default-src'], $host_list);
 }
+ if (in_array("'unsafe-inline'", $hosts[$directive])) {
+ $hosts[$directive] = array_filter($hosts[$directive], function($item) {
+ return substr($item, 0, 7) !== "'nonce-";
+ });
+ }
 }
 // Put everything back together.
 foreach ($hosts as $directive => $host_list) {
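Review bot: The added `if` block silently trades nonce-based protection for `'unsafe-inline'`, and because the `array_merge($hosts['default-src'], $host_list)` just above it copies default-src into every other directive, a single `'unsafe-inline'` in default-src strips the nonce from all of them. Browsers that honour nonces ignore `'unsafe-inline'` while a nonce is present, so removing the nonce is what re-enables inline script and style; that downgrade deserves a comment at the `if`, for example `// A nonce makes browsers ignore 'unsafe-inline'; drop it so the keyword applies (this weakens the directive).` Hash sources such as `'sha256-…'` suppress `'unsafe-inline'` in the same way and are left in place, so a directive carrying hashes may still not behave as the commit intends. The match is also exact and loosely typed; `in_array("'unsafe-inline'", $hosts[$directive], TRUE)` would be stricter, and differently-cased keywords such as `'Unsafe-Inline'` would currently slip past both checks. The enclosing function starts and ends outside the hunk, so how the filtered array is reassembled cannot be confirmed from here.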