misc improvements from review
parent
f6aebbd992
commit
c67bef7486
|
@ -101,10 +101,8 @@ trait AssetHelper { self: I18nHelper =>
|
|||
)
|
||||
}
|
||||
|
||||
def defaultCsp(implicit ctx: Context): ContentSecurityPolicy = {
|
||||
implicit val req = ctx.req
|
||||
basicCsp.withNonce(ctx.nonce)
|
||||
}
|
||||
def defaultCsp(implicit ctx: Context): ContentSecurityPolicy =
|
||||
basicCsp(ctx.req).withNonce(ctx.nonce)
|
||||
|
||||
def embedJsUnsafe(js: String)(implicit ctx: Context): Html = Html {
|
||||
s"""<script nonce="${ctx.nonce}">$js</script>"""
|
||||
|
|
|
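Review bot: `defaultCsp` has no Scaladoc, and the link between it and `embedJsUnsafe` is only visible by reading both: the policy carries `ctx.nonce`, and `embedJsUnsafe` writes the same `ctx.nonce` on its `<script>` tag. I would add `/** Page CSP: basicCsp for the request plus ctx.nonce, the nonce embedJsUnsafe puts on inline scripts. */` above the definition. Because that nonce authorises whatever string reaches `embedJsUnsafe`, its `js` argument has to be trusted, server-built code, and a one-line comment there saying so would help. The body of `embedJsUnsafe` continues outside the hunk.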
@ -49,11 +49,8 @@ case class ContentSecurityPolicy(
|
|||
"child-src " -> childSrc,
|
||||
"img-src " -> imgSrc,
|
||||
"script-src " -> scriptSrc
|
||||
) filter {
|
||||
case (_, sources) =>
|
||||
sources.nonEmpty
|
||||
} map {
|
||||
case (directive, sources) =>
|
||||
) collect {
|
||||
case (directive, sources) if sources.nonEmpty =>
|
||||
sources.mkString(directive, " ", ";")
|
||||
} mkString (" ")
|
||||
}
|
||||
|
|
|
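Review bot: The `collect` case writes each source verbatim into the header string via `sources.mkString(directive, " ", ";")`, so the policy is only well-formed if no source contains `;`, `,` or whitespace. The values come from the case class fields (`childSrc`, `imgSrc`, `scriptSrc`), and nothing in the hunk states that invariant; I would add `// sources are emitted verbatim: none may contain ';', ',' or whitespace` above the `collect`. If a source is ever built from request data, a `require` on those characters at the point it is added would be the place to enforce it. The enclosing method starts above the hunk.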
@ -1,7 +1,5 @@
|
|||
package lila.common
|
||||
|
||||
import java.security.SecureRandom
|
||||
|
||||
import ornicar.scalalib.Random
|
||||
|
||||
case class Nonce(value: String) extends AnyVal {
|
||||
|
@ -10,9 +8,5 @@ case class Nonce(value: String) extends AnyVal {
|
|||
}
|
||||
|
||||
object Nonce {
|
||||
def random: Nonce = {
|
||||
val bytes = new Array[Byte](15)
|
||||
new SecureRandom().nextBytes(bytes)
|
||||
Nonce(bytes.toBase64)
|
||||
}
|
||||
def random: Nonce = Nonce(Random.secureString(20))
|
||||
}
|
||||
|
|
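Review bot: `Nonce.random` now depends entirely on `Random.secureString(20)` for unpredictability, and neither its random source nor its alphabet is visible in this commit, whereas the removed code drew 15 bytes from `SecureRandom` in plain sight. Assuming an alphanumeric alphabet, 20 characters give roughly 119 bits, about the same as before but still under the 128 bits that CSP Level 3 recommends for nonces; `Random.secureString(22)` would clear that. I would also record the requirement next to the call, `// CSP nonce: must come from a CSPRNG and stay within the base64 alphabet`, so a later change to the helper does not silently weaken it.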