layouts/shortcodes: set nonce for asciinema event script

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-12-24 12:48:15 +05:30 · 2020-12-24 12:48:15 +05:30 · 445212cbab
parent eae7c59b9a
commit 445212cbab
2 changed files with 2 additions and 2 deletions
--- a/layouts/shortcodes/asciinema.html
+++ b/layouts/shortcodes/asciinema.html
@ -1,4 +1,4 @@
-<script>
+<script nonce="ONQV6ZLWMVXHIX3BONRWS2LOMVWWCCQ=">
 sa_event('asciinema_load_{{index .Params 0}}');
 </script>
 <center><div style="margin-top: 2em; margin-bottom: 2em;"><script src="https://asciinema.org/a/{{index .Params 0}}.js" id="asciicast-{{index .Params 0}}" async></script></div></center>
--- a/workers-site/src/handler.ts
+++ b/workers-site/src/handler.ts
@ -4,7 +4,7 @@ const GITHUB_USERNAME = 'msfjarvis'
 const APS_SLUG = 'Android-Password-Store/Android-Password-Store'
 const GITHUB_URL = `https://github.com/${GITHUB_USERNAME}`
 const APS_GITHUB_URL = `https://github.com/${APS_SLUG}`
-const CSP_POLICY = "base-uri 'self'; connect-src 'self'; default-src 'self'; frame-ancestors 'none'; frame-src asciinema.org github.com platform.twitter.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: gfycat.com imgur.com *.imgur.com insights.msfjarvis.dev syndication.twitter.com; object-src 'none'; script-src 'self' asciinema.org cdn.jsdelivr.net platform.twitter.com unpkg.com 'nonce-MZSWC5DVOJSS23TPNZRWKCQ=' 'nonce-NFXHG2LHNB2HGLTNONTGUYLSOZUXGLTEMV3AU===' 'nonce-ONUW24DMMUQGC3TBNR4XI2LDOMQGK5TFNZ2HGCQ='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline';";
+const CSP_POLICY = "base-uri 'self'; connect-src 'self'; default-src 'self'; frame-ancestors 'none'; frame-src asciinema.org github.com platform.twitter.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: gfycat.com imgur.com *.imgur.com insights.msfjarvis.dev syndication.twitter.com; object-src 'none'; script-src 'self' asciinema.org cdn.jsdelivr.net platform.twitter.com unpkg.com 'nonce-MZSWC5DVOJSS23TPNZRWKCQ=' 'nonce-NFXHG2LHNB2HGLTNONTGUYLSOZUXGLTEMV3AU===' 'nonce-ONUW24DMMUQGC3TBNR4XI2LDOMQGK5TFNZ2HGCQ=' 'nonce-ONQV6ZLWMVXHIX3BONRWS2LOMVWWCCQ='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline';";
 const PERMISSIONS_POLICY = "accelerometer=(), autoplay=(), camera=(), encrypted-media=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()"

 export async function handleRequest(event: FetchEvent): Promise<Response> {