Add nonce option for secure headers

This commit is contained in:
Leif Ringstad 2017-01-19 16:11:49 +01:00 committed by GitHub
parent c0c47cc83b
commit 065da9bc6e

View File

@ -1,15 +1,23 @@
<% if with_swf? %> <% if with_swf? %>
<script type="text/javascript"> <% if defined?(SecureHeaders) %>
WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf"; <script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
<% if force_swf? %> <% else %>
WEB_SOCKET_FORCE_FLASH = true; <script type="text/javascript">
<% end %> <% end %>
</script> WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf";
<script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script> <% if force_swf? %>
<script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script> WEB_SOCKET_FORCE_FLASH = true;
<% end %>
</script>
<script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script>
<script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script>
<% end %> <% end %>
<script type="text/javascript"> <% if defined?(SecureHeaders) %>
RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>; <script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
</script> <% else %>
<script type="text/javascript">
<% end %>
RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>;
</script>
<script type="text/javascript" src="<%= livereload_source %>"></script> <script type="text/javascript" src="<%= livereload_source %>"></script>