author | Literallie | 2017-10-21 00:46:53 +0200 |
---|---|---|
committer | Literallie | 2017-10-22 00:03:46 +0200 |
commit | d51da8c12c2446d081eaa7f32406941b09142c1c (patch) | |
tree | 7e824f87c2b80e3434e93873bb904db7a51d1a66 | |
parent | 91101c856c3efac53e8a4db4cc537b77370aa7df (diff) |
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
-rw-r--r-- | app.js | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -171,7 +171,9 @@ if (config.csp.enable) {
 )
 }
 }
- directives.scriptSrc.push(getCspNonce)
+ if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
+ directives.scriptSrc.push(getCspNonce)
+ }
 directives.connectSrc.push(getCspWebSocketUrl)
 if (config.csp.upgradeInsecureRequests === 'auto') {
 directives.upgradeInsecureRequests = config.usessl === 'true' |
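Review bot: The `indexOf('\'unsafe-inline\'')` test is an exact, case-sensitive string match, while browsers match CSP keywords case-insensitively, so a configured value such as `'Unsafe-Inline'` would still get the nonce appended and the browser would then ignore the keyword, which is the situation this commit is meant to avoid. Unless the configured directives are normalised somewhere outside this hunk, compare case-insensitively, e.g. `if (!directives.scriptSrc.some(s => typeof s === 'string' && s.toLowerCase() === '\'unsafe-inline\'')) {`. A short comment above the check would also help the next maintainer: `// Browsers ignore 'unsafe-inline' once a nonce is present; with 'unsafe-inline' configured, this policy does not restrict inline scripts.` The enclosing `if (config.csp.enable)` block starts and ends outside the hunk.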