CSP: Document if scope is necessary

[cweiske]

Current behavior

The "Content Security Policy" documentation at https://docs.typo3.org/m/typo3/reference-coreapi/13.4/en-us/ApiOverview/ContentSecurityPolicy/Index.html#content-security-policy-extension mentions that I can pass a scope in my ContentSecurityPolicies.php file:

Additionally, a Scope instance object is included, which can either be Scope::backend() or Scope::frontend().

It's not clear if I can omit the scope (to modify the policy for both frontend+backend).

Expected behavior/output

The documentation says that I have to add a scope, or says that I can omit the scope.

TYPO3 versions

13

[brotkrueml]

Well, Scope only provides frontend() and backend() (not something like both()):
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/Scope.php

And: Map uses the first item as key (frontend, backend) and the second one as value:
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Type/Map.php#L66

If you want one mutation collection for both, well, you are in PHP, so assign the collection to a variable and pass it to both configurations.