Add CSP nonce when handling JS views
Prevents errors when we have CSP enabled
This commit is contained in:
Heinrich Lee Yu
parent
1d5f5aa896
commit
29f1ab6b52
1 changed files with 16 additions and 1 deletions
|
|
@ -9,7 +9,11 @@ import './commons';
|
||||||
import './behaviors';
|
import './behaviors';
|
||||||
|
|
||||||
// lib/utils
|
// lib/utils
|
||||||
import { handleLocationHash, addSelectOnFocusBehaviour } from './lib/utils/common_utils';
|
import {
|
||||||
|
handleLocationHash,
|
||||||
|
addSelectOnFocusBehaviour,
|
||||||
|
getCspNonceValue,
|
||||||
|
} from './lib/utils/common_utils';
|
||||||
import { localTimeAgo } from './lib/utils/datetime_utility';
|
import { localTimeAgo } from './lib/utils/datetime_utility';
|
||||||
import { getLocationHash, visitUrl } from './lib/utils/url_utility';
|
import { getLocationHash, visitUrl } from './lib/utils/url_utility';
|
||||||
|
|
||||||
|
|
@ -39,6 +43,17 @@ import 'ee_else_ce/main_ee';
|
||||||
window.jQuery = jQuery;
|
window.jQuery = jQuery;
|
||||||
window.$ = jQuery;
|
window.$ = jQuery;
|
||||||
|
|
||||||
|
// Add nonce to jQuery script handler
|
||||||
|
jQuery.ajaxSetup({
|
||||||
|
converters: {
|
||||||
|
// eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings, func-names
|
||||||
|
'text script': function(text) {
|
||||||
|
jQuery.globalEval(text, { nonce: getCspNonceValue() });
|
||||||
|
return text;
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
// inject test utilities if necessary
|
// inject test utilities if necessary
|
||||||
if (process.env.NODE_ENV !== 'production' && gon && gon.test_env) {
|
if (process.env.NODE_ENV !== 'production' && gon && gon.test_env) {
|
||||||
$.fx.off = true;
|
$.fx.off = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue