github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-24 10:46:30 -05:00
Code Issues Projects Releases Packages Wiki Activity

Cleanup csp.js

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-05 23:06:28 +02:00
parent bd44cbc16c
commit 1c0af5f75d
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/csp.js
View file

@ -79,10 +79,6 @@ function mergeDirectivesIf (condition, existingDirectives, newDirectives) {
}
}
function areAllInlineScriptsAllowed (directives) {
return directives.scriptSrc.indexOf('\'unsafe-inline\'') !== -1
}
function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
@ -91,7 +87,7 @@ function addInlineScriptExceptions (directives) {
}
function getCspNonce (req, res) {
return "'nonce-" + res.locals.nonce + "'"
return '\'nonce-' + res.locals.nonce + '\''
}
function addUpgradeUnsafeRequestsOptionTo (directives) {