From 6145c27d9a20fa959df5cadffd93542a8d155202 Mon Sep 17 00:00:00 2001
From: Vincent Boutour
Date: Fri, 15 Oct 2021 17:18:11 +0200
Subject: [PATCH] fix: Fixing signup css nonce
Signed-off-by: Vincent Boutour
---
 README.md | 2 +-
 cmd/ketchup/api.go | 2 +-
 cmd/ketchup/templates/public.html | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 93b2382a..13c64bf9 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,7 @@ Usage of ketchup:
 -corsOrigin string
 [cors] Access-Control-Allow-Origin {KETCHUP_CORS_ORIGIN} (default "*")
 -csp string
- [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests'")
+ [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'")
 -dbHost string
 [db] Host {KETCHUP_DB_HOST}
 -dbMaxConn uint
diff --git a/cmd/ketchup/api.go b/cmd/ketchup/api.go
index 2de69911..e9ade0c3 100644
--- a/cmd/ketchup/api.go
+++ b/cmd/ketchup/api.go
@@ -67,7 +67,7 @@ func main() {
 alcotestConfig := alcotest.Flags(fs, "")
 loggerConfig := logger.Flags(fs, "logger")
 prometheusConfig := prometheus.Flags(fs, "prometheus", flags.NewOverride("Gzip", false))
- owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests'"))
+ owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'"))
 corsConfig := cors.Flags(fs, "cors")
 rendererConfig := renderer.Flags(fs, "", flags.NewOverride("Title", "Ketchup"), flags.NewOverride("PublicURL", "https://ketchup.vibioh.fr"))
diff --git a/cmd/ketchup/templates/public.html b/cmd/ketchup/templates/public.html
index cbf9325f..59ccc2fb 100644
--- a/cmd/ketchup/templates/public.html
+++ b/cmd/ketchup/templates/public.html
@@ -45,7 +45,7 @@
 {{ end }}
 {{ define "signup" }}
-
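Review bot: The `Csp` override passed to `owasp.Flags` in `cmd/ketchup/api.go` gains `'nonce-ketchup-css-signup'`, one more fixed nonce value that is identical on every response, so it does not give the unguessable, single-use property CSP nonces rely on. Any injected markup carrying `nonce="ketchup-css-signup"` would satisfy `style-src`, and the same applies to the existing `script-src` entries. Unless the owasp middleware rewrites these tokens per request (not visible in this hunk), prefer a random per-response nonce handed to the templates, or a `'sha256-…'` hash source for each fixed inline block. The policy literal is also repeated in README.md and here; a named constant with a comment such as `// one source per inline <style>/<script> block in templates/` would keep future additions in one place. `main` begins and continues outside the hunk.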