misc improvements from review

2018-05-08 01:47:01 +02:00 · 2018-05-08 01:47:01 +02:00 · c67bef7486
parent f6aebbd992
commit c67bef7486
3 changed files with 5 additions and 16 deletions
--- a/app/templating/AssetHelper.scala
+++ b/app/templating/AssetHelper.scala
@ -101,10 +101,8 @@ trait AssetHelper { self: I18nHelper =>
    )
  }

-  def defaultCsp(implicit ctx: Context): ContentSecurityPolicy = {
-    implicit val req = ctx.req
-    basicCsp.withNonce(ctx.nonce)
-  }
+  def defaultCsp(implicit ctx: Context): ContentSecurityPolicy =
+    basicCsp(ctx.req).withNonce(ctx.nonce)

  def embedJsUnsafe(js: String)(implicit ctx: Context): Html = Html {
    s"""<script nonce="${ctx.nonce}">$js</script>"""
--- a/modules/common/src/main/ContentSecurityPolicy.scala
+++ b/modules/common/src/main/ContentSecurityPolicy.scala
@ -49,11 +49,8 @@ case class ContentSecurityPolicy(
      "child-src " -> childSrc,
      "img-src " -> imgSrc,
      "script-src " -> scriptSrc
-    ) filter {
-        case (_, sources) =>
-          sources.nonEmpty
-      } map {
-        case (directive, sources) =>
+    ) collect {
+        case (directive, sources) if sources.nonEmpty =>
          sources.mkString(directive, " ", ";")
      } mkString (" ")
 }
--- a/modules/common/src/main/Nonce.scala
+++ b/modules/common/src/main/Nonce.scala
@ -1,7 +1,5 @@
 package lila.common

-import java.security.SecureRandom
-
 import ornicar.scalalib.Random

 case class Nonce(value: String) extends AnyVal {
@ -10,9 +8,5 @@ case class Nonce(value: String) extends AnyVal {
 }

 object Nonce {
-  def random: Nonce = {
-    val bytes = new Array[Byte](15)
-    new SecureRandom().nextBytes(bytes)
-    Nonce(bytes.toBase64)
-  }
+  def random: Nonce = Nonce(Random.secureString(20))
 }