Silverstripe Version:
Silverstripe 4
Question:
My organisation is currently trying to deploy content security policies (CSP) Content Security Policy (CSP) - HTTP | MDN
One of the organisations requirements is to remove the script-src ‘unsafe-inline’
We use one Silverstripe template for multiple websites and many config options are stored in the siteconfig to allow each site to have different options but follow our same templates
I’ve edited our templates and have moved most of the inline scripts out into .js files and required them as normal in ss templates.
This has worked for 90% however some ss templates call variables from the siteconfig to generate the javascript so I cannot move these out to static .js files
is there any way to create a ss file that is built to a .js file and stored in /javascript folder?
I know i can hard code multiple .js files and then only require the correct one but this wont work in all cases and seams like a fudge.
bellow is an example of a .ss file that is included on every page template
<% if $SiteConfig.GoogleAnalyticsUA %>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', '{$SiteConfig.GoogleAnalyticsUA}', 'auto');
ga('require', 'displayfeatures');
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');
</script>
<% end_if %>
Thanks,