diff options
author | Kushal Pandya <kushalspandya@gmail.com> | 2019-08-22 06:10:27 +0000 |
---|---|---|
committer | Kushal Pandya <kushalspandya@gmail.com> | 2019-08-22 06:10:27 +0000 |
commit | 48feb671083f3bc35789e975cc30bfc020f9a5dd (patch) | |
tree | 0e619f78210732e74485201738ae86a4389967fa /app | |
parent | 1d5f5aa896a38104c375ac6ddd168d03d408f05e (diff) | |
parent | 29f1ab6b526f35308dc320ce342f6bdb2e331e55 (diff) | |
download | gitlab-ce-48feb671083f3bc35789e975cc30bfc020f9a5dd.tar.gz |
Merge branch 'add-nonce-js-views' into 'master'
Add CSP nonce when handling JS views
See merge request gitlab-org/gitlab-ce!31839
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/main.js | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js index ba33d72b1f3..39f2097c174 100644 --- a/app/assets/javascripts/main.js +++ b/app/assets/javascripts/main.js @@ -9,7 +9,11 @@ import './commons'; import './behaviors'; // lib/utils -import { handleLocationHash, addSelectOnFocusBehaviour } from './lib/utils/common_utils'; +import { + handleLocationHash, + addSelectOnFocusBehaviour, + getCspNonceValue, +} from './lib/utils/common_utils'; import { localTimeAgo } from './lib/utils/datetime_utility'; import { getLocationHash, visitUrl } from './lib/utils/url_utility'; @@ -39,6 +43,17 @@ import 'ee_else_ce/main_ee'; window.jQuery = jQuery; window.$ = jQuery; +// Add nonce to jQuery script handler +jQuery.ajaxSetup({ + converters: { + // eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings, func-names + 'text script': function(text) { + jQuery.globalEval(text, { nonce: getCspNonceValue() }); + return text; + }, + }, +}); + // inject test utilities if necessary if (process.env.NODE_ENV !== 'production' && gon && gon.test_env) { $.fx.off = true; |