kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add CSP nonce when handling JS views

Browse source 
Prevents errors when we have CSP enabled
This commit is contained in:
Heinrich Lee Yu 2019-08-15 14:42:01 +08:00
parent 1d5f5aa896
commit 29f1ab6b52
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
app/assets/javascripts/main.js
View file

@ -9,7 +9,11 @@ import './commons';
import './behaviors';
// lib/utils
import { handleLocationHash, addSelectOnFocusBehaviour } from './lib/utils/common_utils';
import {
handleLocationHash,
addSelectOnFocusBehaviour,
getCspNonceValue,
} from './lib/utils/common_utils';
import { localTimeAgo } from './lib/utils/datetime_utility';
import { getLocationHash, visitUrl } from './lib/utils/url_utility';
@ -39,6 +43,17 @@ import 'ee_else_ce/main_ee';
window.jQuery = jQuery;
window.$ = jQuery;
// Add nonce to jQuery script handler
jQuery.ajaxSetup({
converters: {
// eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings, func-names
'text script': function(text) {
jQuery.globalEval(text, { nonce: getCspNonceValue() });
return text;
},
},
});
// inject test utilities if necessary
if (process.env.NODE_ENV !== 'production' && gon && gon.test_env) {
$.fx.off = true;