Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest

Follow-up to !1300

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2022-11-02 11:36:32 +01:00
parent c8d5bdd4af
commit a1726fc12e
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
3 changed files with 3 additions and 3 deletions

View file

@ -85,7 +85,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
else else
[ [
@script_src, @script_src,
"'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' " "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' ",
"'sha256-zJdRXhLWm9NGI6BFr+sNmHBBrjAdJdFr7MpUq0EwK58=' "
] ]
end end

View file

@ -20,7 +20,6 @@
<link rel="preload" href="/img/shape-3.svg" as="image" /> <link rel="preload" href="/img/shape-3.svg" as="image" />
<% end %> <% end %>
<%= tags(assigns) || assigns.tags %> <%= tags(assigns) || assigns.tags %>
<%= Vite.inlined_phx_manifest() %>
<%= Vite.vite_client() %> <%= Vite.vite_client() %>
<%= Vite.vite_snippet("src/main.ts") %> <%= Vite.vite_snippet("src/main.ts") %>
</head> </head>

View file

@ -73,7 +73,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do
[csp] = Conn.get_resp_header(conn, "content-security-policy") [csp] = Conn.get_resp_header(conn, "content-security-policy")
assert csp =~ assert csp =~
~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/ ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/
end end
end end