• Resolved Pascal CESCATO

    (@pcescato)


    Hi,

    I try to include script and style nonces through the template_redirect hook. It works well, but there are 2 scripts remaining out of scope because they are generated by the LSCache plugin. Those have the ‘data-no-optimize’ property and are placed just after the head and before the /body tags, so they have no nonce set.

    Is there a way to add a nonce to them and add those nonces to the CSP extra header? I tried with litespeed_buffer_after but it does not work.

    Thanks a lot

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support qtwrk

    (@qtwrk)

    > I tried with litespeed_buffer_after but it does not work

    Could you please explain a bit what exactly you did, or how?

    Thread Starter Pascal CESCATO

    (@pcescato)

    Here is my code:

    add_action( 'template_redirect', function () {
    
    	// Buffer the whole response so every tag can be rewritten before it is sent.
    	ob_start( function ( $output ) {
    
    		$nonces = [];
    
    		// Give each <script> start tag a fresh random nonce. A CSP nonce has to be
    		// unguessable and new on every response; wp_create_nonce() is a deterministic
    		// HMAC that is reused for 12 hours, so it must not be used as a CSP nonce.
    		$output = preg_replace_callback( '#<script.*?>#s', function ( $matches ) use ( &$nonces ) {
    			$nonce    = base64_encode( random_bytes( 16 ) );
    			$nonces[] = $nonce;
    
    			return str_replace( '<script', "<script nonce='{$nonce}'", $matches[0] );
    		}, $output );
    		
    		// Same for <style> start tags.
    		$output = preg_replace_callback( '#<style.*?>#s', function ( $matches ) use ( &$nonces ) {
    			$nonce    = base64_encode( random_bytes( 16 ) );
    			$nonces[] = $nonce;
    
    			return str_replace( '<style', "<style nonce='{$nonce}'", $matches[0] );
    		}, $output );
    
    		// Turn the collected nonces into " 'nonce-...' 'nonce-...'" for the header.
    		$nonces_csp = array_reduce( $nonces, function ( $header, $nonce ) {
    			return "{$header} 'nonce-{$nonce}'";
    		}, '' );
    
    		// Note: the nonces on <style> tags only take effect if a style-src directive lists them too.
    		header( sprintf( "Content-Security-Policy: base-uri 'self' data:; object-src 'none'; script-src https:%s 'strict-dynamic'", $nonces_csp ) );
    
    		return $output;
    	} );
    
    } );
    

    So I tried to do the same with litespeed_buffer_after:
    add_action( 'litespeed_buffer_after', function ($content) {…
    But it does not work.
    Maybe it’s not the way the hook should be used, so I ask you…

    Plugin Support qtwrk

    (@qtwrk)

    The logic looks right, ish.

    The litespeed_buffer_after hook is used to modify the HTML output before it is sent to the user.

    If you just do a simple string replace on some or any text, does it work? Like:

    function lscwp_test_check( $content ) {
        return str_replace( 'something1', 'something2', $content );
    }
    add_filter( 'litespeed_buffer_after', 'lscwp_test_check', 0);
    Thread Starter Pascal CESCATO

    (@pcescato)

    Test code works perfectly.
    But with my code snippet, I just had a blank, empty page. I just removed the ob_start function – now my code works perfectly.
    It can be used to have a secure CSP.
    Thanks for help!

    Plugin Support qtwrk

    (@qtwrk)

    It works now?

    Thread Starter Pascal CESCATO

    (@pcescato)

    Yes! It works perfectly. ob_start was THE problem!

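The working approach the thread arrives at, written out in full as an added example (this is not code from the thread or from the LiteSpeed Cache plugin): one random nonce per response stamped on every script and style tag from inside litespeed_buffer_after, with no nested ob_start, and a policy that lists the nonce for both script-src and style-src. The hook name and the data-no-optimize attribute come from the thread; the pcsp_ function names and the mu-plugin setting are this example's own assumptions.

```php
<?php
/**
 * Added example, not code from the thread or from LiteSpeed Cache.
 * Assumed to run as a small mu-plugin alongside LiteSpeed Cache, which
 * owns the output buffer and applies 'litespeed_buffer_after' to the final HTML.
 */

// One random nonce per response. A CSP nonce must be unpredictable and fresh on
// every page load; wp_create_nonce() is a deterministic HMAC reused for 12 hours,
// so it cannot serve as a CSP nonce.
function pcsp_get_nonce() {
	static $nonce = null;
	if ( null === $nonce ) {
		$nonce = base64_encode( random_bytes( 16 ) );
	}
	return $nonce;
}

// Stamp the nonce on every <script> and <style> start tag. Because this runs on
// the final buffer, it also reaches the data-no-optimize tags the cache plugin
// injects itself, which WordPress' own script filters never see.
function pcsp_add_nonce_to_tags( $html ) {
	$nonce = pcsp_get_nonce();

	return preg_replace_callback(
		'#<(script|style)\b([^>]*)>#i',
		function ( $m ) use ( $nonce ) {
			// Drop any nonce attribute already present so the tag ends up with exactly one.
			$attrs = preg_replace( '#\s+nonce\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)#i', '', $m[2] );
			return sprintf( '<%s nonce="%s"%s>', strtolower( $m[1] ), $nonce, $attrs );
		},
		$html
	);
}

// Build the policy. A single 'nonce-...' source is enough because every tag
// carries the same per-response nonce. style-src is listed as well, otherwise
// the nonces on <style> tags do nothing. 'strict-dynamic' lets scripts loaded
// by a nonced script run without their own nonce; https: is only the fallback
// for browsers that do not understand 'strict-dynamic'.
function pcsp_build_csp_header( $nonce ) {
	return sprintf(
		"Content-Security-Policy: base-uri 'self'; object-src 'none'; "
		. "script-src 'nonce-%1\$s' 'strict-dynamic' https:; "
		. "style-src 'self' 'nonce-%1\$s'",
		$nonce
	);
}

function pcsp_send_csp_header() {
	if ( ! headers_sent() ) {
		header( pcsp_build_csp_header( pcsp_get_nonce() ) );
	}
}

// No ob_start() here: the cache plugin already owns the buffer, and opening a
// nested one inside its filter is what produced the blank page in the thread.
// The filter only transforms the buffer it is handed. Priority 99 so it runs
// after other filters on this hook and also covers tags they add.
add_filter( 'litespeed_buffer_after', function ( $content ) {
	pcsp_send_csp_header();
	return pcsp_add_nonce_to_tags( $content );
}, 99 );
```

Two caveats a practitioner should weigh before relying on this. First, the filter stamps every script start tag it finds in the buffer, so a `<script>` tag that reaches the buffer through an injection is nonced as well; the policy then still blocks inline event handlers, javascript: URLs and scripts from sources the nonced scripts did not load, but not a well-formed injected script tag. Narrow the regex to the tags you actually emit if that matters for your site. Second, a full-page cache stores the nonce along with the HTML, so every visitor served the cached copy receives the same value until the page is purged, which removes the per-response property the nonce depends on; pages carrying a nonce should be excluded from caching (LiteSpeed Cache documents a litespeed_control_set_nocache action for this; check it against your plugin version) or the policy should use hashes instead.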
  • The topic ‘CSP nonce’ is closed to new replies.