Add dirty workaround for speakers view inline script

2017-10-21 01:25:30 +02:00
parent 2b2b8d6d1d
commit e5f03fe135
1 changed files with 4 additions and 0 deletions
--- a/app.js
+++ b/app.js
@@ -173,6 +173,10 @@ if (config.csp.enable) {
  }
  if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
    directives.scriptSrc.push(getCspNonce)
+    // TODO: This is the SHA-256 hash of the inline script in
+    // build/reveal.js/plugins/notes/notes.html . Any cleaner
+    // solution appreciated.
+    directives.scriptSrc.push('\'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=\'')
  }
  directives.connectSrc.push(getCspWebSocketUrl)
  if (config.csp.upgradeInsecureRequests === 'auto') {