From a1726fc12e44c35b871e017c08729de5d1a522bf Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 2 Nov 2022 11:36:32 +0100 Subject: [PATCH] Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest Follow-up to !1300 Signed-off-by: Thomas Citharel --- lib/web/plugs/http_security_plug.ex | 3 ++- lib/web/templates/page/index.html.heex | 1 - test/web/plugs/http_security_plug_test.exs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/web/plugs/http_security_plug.ex b/lib/web/plugs/http_security_plug.ex index b18c85d14..082507a2d 100644 --- a/lib/web/plugs/http_security_plug.ex +++ b/lib/web/plugs/http_security_plug.ex @@ -85,7 +85,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do else [ @script_src, - "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' " + "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' ", + "'sha256-zJdRXhLWm9NGI6BFr+sNmHBBrjAdJdFr7MpUq0EwK58=' " ] end diff --git a/lib/web/templates/page/index.html.heex b/lib/web/templates/page/index.html.heex index d24ba8cf8..7047727cb 100644 --- a/lib/web/templates/page/index.html.heex +++ b/lib/web/templates/page/index.html.heex @@ -20,7 +20,6 @@ <% end %> <%= tags(assigns) || assigns.tags %> - <%= Vite.inlined_phx_manifest() %> <%= Vite.vite_client() %> <%= Vite.vite_snippet("src/main.ts") %> diff --git a/test/web/plugs/http_security_plug_test.exs b/test/web/plugs/http_security_plug_test.exs index 6abd6a6cb..43be1dec4 100644 --- a/test/web/plugs/http_security_plug_test.exs +++ b/test/web/plugs/http_security_plug_test.exs @@ -73,7 +73,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do [csp] = Conn.get_resp_header(conn, "content-security-policy") assert csp =~ - ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/ + ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com ;/ end end