Add nonces back in for scripts and styles

nationalarchives · Jun 12, 2024 · f29e519 · f29e519
1 parent 08044d5
commit f29e519
Show file tree

Hide file tree

Showing 11 changed files with 13 additions and 12 deletions.
diff --git a/app/__init__.py b/app/__init__.py
@@ -56,6 +56,7 @@ def create_app(config_class):
             "connect-src": app.config["CSP_CONNECT_SRC"],
             "media-src": app.config["CSP_MEDIA_SRC"],
         },
+        content_security_policy_nonce_in=["script-src", "style-src"],
         feature_policy={
             "camera": "'none'",
             "fullscreen": "'self'",

diff --git a/app/templates/base.html b/app/templates/base.html
@@ -262,6 +262,6 @@
 {% endblock %}
 
 {% block bodyEnd %}
-<script src="{{ url_for('static', filename='main.min.js') }}" defer></script>
-<script src="{{ url_for('static', filename='analytics.min.js') }}" defer></script>
+<script src="{{ url_for('static', filename='main.min.js') }}" nonce="{{ csp_nonce() }}" defer></script>
+<script src="{{ url_for('static', filename='analytics.min.js') }}" nonce="{{ csp_nonce() }}" defer></script>
 {% endblock %}
diff --git a/app/templates/catalogue/archive.html b/app/templates/catalogue/archive.html
@@ -27,7 +27,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block beforeContent %}

diff --git a/app/templates/catalogue/creator.html b/app/templates/catalogue/creator.html
@@ -27,7 +27,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block beforeContent %}

diff --git a/app/templates/catalogue/person.html b/app/templates/catalogue/person.html
@@ -27,7 +27,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block beforeContent %}

diff --git a/app/templates/catalogue/record.html b/app/templates/catalogue/record.html
@@ -30,7 +30,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='catalogue.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block beforeContent %}

diff --git a/app/templates/explore-the-collection/article-focused.html b/app/templates/explore-the-collection/article-focused.html
@@ -147,6 +147,6 @@ <h2 class="etna-author-list__heading tna-heading-s">Author{{ 's' if page_data.au
 {% endblock %}
 
 {% block bodyEnd %}
-<script src="{{ url_for('static', filename='article.min.js') }}" defer></script>
+<script src="{{ url_for('static', filename='article.min.js') }}" nonce="{{ csp_nonce() }}" defer></script>
 {{ super() }}
 {% endblock %}
diff --git a/app/templates/explore-the-collection/article.html b/app/templates/explore-the-collection/article.html
@@ -12,7 +12,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='article.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='article.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block content %}
@@ -88,6 +88,6 @@ <h1 class="tna-hgroup__title" itemprop="name">{{ page_data.title }}</h1>
 {% endblock %}
 
 {% block bodyEnd %}
-<script src="{{ url_for('static', filename='article.min.js') }}" defer></script>
+<script src="{{ url_for('static', filename='article.min.js') }}" nonce="{{ csp_nonce() }}" defer></script>
 {{ super() }}
 {% endblock %}
diff --git a/app/templates/explore-the-collection/highlight-gallery.html b/app/templates/explore-the-collection/highlight-gallery.html
@@ -9,7 +9,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='highlight-gallery.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='highlight-gallery.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block content %}

diff --git a/app/templates/explore-the-collection/record-article.html b/app/templates/explore-the-collection/record-article.html
@@ -12,7 +12,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='article.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='article.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block content %}

diff --git a/app/templates/main/new_home.html b/app/templates/main/new_home.html
@@ -9,7 +9,7 @@
 
 {% block stylesheets %}
 {{ super() }}
-    <link rel="stylesheet" href="{{ url_for('static', filename='homepage.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='homepage.css') }}" nonce="{{ csp_nonce() }}">
 {% endblock %}
 
 {% block content %}