sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup csp.js

Browse Source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren
2021-08-05 23:06:28 +02:00
parent bd44cbc16c
commit 1c0af5f75d
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/csp.js
View File

@@ -79,10 +79,6 @@ function mergeDirectivesIf (condition, existingDirectives, newDirectives) {
}
}
function areAllInlineScriptsAllowed (directives) {
return directives.scriptSrc.indexOf('\'unsafe-inline\'') !== -1
}
function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
@@ -91,7 +87,7 @@ function addInlineScriptExceptions (directives) {
}
function getCspNonce (req, res) {
return "'nonce-" + res.locals.nonce + "'"
return '\'nonce-' + res.locals.nonce + '\''
}
function addUpgradeUnsafeRequestsOptionTo (directives) {