Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest
Follow-up to !1300 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
c8d5bdd4af
commit
a1726fc12e
|
@ -85,7 +85,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
|||
else
|
||||
[
|
||||
@script_src,
|
||||
"'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
|
||||
"'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' ",
|
||||
"'sha256-zJdRXhLWm9NGI6BFr+sNmHBBrjAdJdFr7MpUq0EwK58=' "
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
<link rel="preload" href="/img/shape-3.svg" as="image" />
|
||||
<% end %>
|
||||
<%= tags(assigns) || assigns.tags %>
|
||||
<%= Vite.inlined_phx_manifest() %>
|
||||
<%= Vite.vite_client() %>
|
||||
<%= Vite.vite_snippet("src/main.ts") %>
|
||||
</head>
|
||||
|
|
|
@ -73,7 +73,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do
|
|||
[csp] = Conn.get_resp_header(conn, "content-security-policy")
|
||||
|
||||
assert csp =~
|
||||
~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/
|
||||
~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue