Add dirty workaround for speakers view inline script

author: Literallie 2017-10-21 01:25:30 +0200
committer: Literallie 2017-10-22 00:03:46 +0200
commit: e5f03fe1356dca679b6e19c0dc02136f8f78936a (patch)
tree: 84608db1e985f6847a915f4ee12a1246421c2ded /app.js
parent: 2b2b8d6d1daa0cd8a90459a9592d2c0dd753f8b2 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app.js b/app.js
index c382cc35..cdabc7d7 100644
--- a/app.js
+++ b/app.js
@@ -173,6 +173,10 @@ if (config.csp.enable) {
   }
   if (directives.scriptSrc.indexOf('\'unsafe-inline\'') === -1) {
     directives.scriptSrc.push(getCspNonce)
+    // TODO: This is the SHA-256 hash of the inline script in
+    // build/reveal.js/plugins/notes/notes.html . Any cleaner
+    // solution appreciated.
+    directives.scriptSrc.push('\'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=\'')
   }
   directives.connectSrc.push(getCspWebSocketUrl)
   if (config.csp.upgradeInsecureRequests === 'auto') {
author	Literallie	2017-10-21 01:25:30 +0200
committer	Literallie	2017-10-22 00:03:46 +0200
commit	e5f03fe1356dca679b6e19c0dc02136f8f78936a (patch)
tree	84608db1e985f6847a915f4ee12a1246421c2ded /app.js
parent	2b2b8d6d1daa0cd8a90459a9592d2c0dd753f8b2 (diff)