Skip to content

Refactor: Move CspNonceProvider to Model and deprecate old Helper class #40294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 2.4-develop
Choose a base branch
from
Open

Refactor: Move CspNonceProvider to Model and deprecate old Helper class #40294

wants to merge 2 commits into from

Conversation

@mimou78
Copy link
Contributor

@mimou78 mimou78 commented Nov 16, 2025

Summary

This pull request refactors the CspNonceProvider by moving the existing implementation from the Helper namespace to the Model namespace, following Magento architectural best practices.
The original helper class is now deprecated and acts as a backward-compatible proxy, ensuring no breaking changes for third-party modules.

No functional behavior has been modified. CSP nonce generation and CSP header enrichment work exactly as before.

Related Issue

Fixes #40266

Problem

The class Magento\Csp\Helper\CspNonceProvider is incorrectly located in a Helper namespace while it functions as a service and not a view helper.
This misalignment introduces architectural inconsistencies and may lead developers to misinterpret its intended usage.

Solution

  • Added a new class: Magento\Csp\Model\CspNonceProvider, which now contains the complete implementation.
  • Updated the old helper class to:
    • Include a @deprecated PHPDoc annotation (soft deprecation).
    • Proxy all logic to the new model class.
    • Trigger a deprecation notice for developers.
  • Ensured full backward compatibility by keeping the helper class as a fallback.
  • No runtime or functional changes introduced.

Deprecation Notice

Magento\Csp\Helper\CspNonceProvider is now deprecated.
Developers should migrate to Magento\Csp\Model\CspNonceProvider.

@m2-assistant
Copy link

m2-assistant bot commented Nov 16, 2025

Hi @mimou78. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:
  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

@ct-prd-pr-scan
Copy link

ct-prd-pr-scan bot commented Nov 16, 2025

The security team has been informed about this pull request due to the presence of risky security keywords. For security vulnerability reports, please visit Adobe's vulnerability disclosure program on HackerOne or email [email protected].

@mimou78
Copy link
Contributor Author

mimou78 commented Nov 16, 2025

@magento run all tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

\Magento\Csp\Helper\CspNonceProvider is not an actual Helper class - misleading naming

1 participant

@mimou78