refactor: Removing nonce for js and css, waiting for better implem

Signed-off-by: Vincent Boutour <[email protected]>
ViBiOh · Oct 15, 2021 · aa5d739 · aa5d739
1 parent b267337
commit aa5d739
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -77,7 +77,7 @@ Usage of ketchup:
   -corsOrigin string
         [cors] Access-Control-Allow-Origin {KETCHUP_CORS_ORIGIN} (default "*")
   -csp string
-        [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'")
+        [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'")
   -dbHost string
         [db] Host {KETCHUP_DB_HOST}
   -dbMaxConn uint

diff --git a/cmd/ketchup/api.go b/cmd/ketchup/api.go
@@ -67,7 +67,7 @@ func main() {
 	alcotestConfig := alcotest.Flags(fs, "")
 	loggerConfig := logger.Flags(fs, "logger")
 	prometheusConfig := prometheus.Flags(fs, "prometheus", flags.NewOverride("Gzip", false))
-	owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'"))
+	owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"))
 	corsConfig := cors.Flags(fs, "cors")
 	rendererConfig := renderer.Flags(fs, "", flags.NewOverride("Title", "Ketchup"), flags.NewOverride("PublicURL", "https://ketchup.vibioh.fr"))
 

diff --git a/cmd/ketchup/templates/index.html b/cmd/ketchup/templates/index.html
@@ -1,5 +1,5 @@
 {{ define "main-style" }}
-  <style type="text/css" nonce="ketchup-css-main">
+  <style type="text/css">
     :root {
       --primary: cornflowerblue;
       --success: limegreen;
@@ -260,7 +260,7 @@
 {{ end }}
 
 {{ define "main-script" }}
-  <script type="text/javascript" nonce="ketchup-js-main">
+  <script type="text/javascript">
     /**
     * Go back from state.
     */

diff --git a/cmd/ketchup/templates/ketchup.html b/cmd/ketchup/templates/ketchup.html
@@ -86,7 +86,7 @@ <h2 class="header">Create ketchup</h2>
     </div>
   </div>
 
-  <script type="text/javascript" nonce="ketchup-js-create">
+  <script type="text/javascript">
     const repositoryInput = document.getElementById('create-name');
     const nameInput = document.getElementById('create-part-wrapper');
 
@@ -208,7 +208,7 @@ <h2 class="header">Confirmation</h2>
 {{ end }}
 
 {{ define "ketchups" }}
-  <style type="text/css" nonce="ketchup-css-ketchups">
+  <style type="text/css">
     {{ range .Ketchups }}
       #delete-modal-{{ .ID }}:target,
       #edit-modal-{{ .ID }}:target,

diff --git a/cmd/ketchup/templates/public.html b/cmd/ketchup/templates/public.html
@@ -45,7 +45,7 @@
 {{ end }}
 
 {{ define "signup" }}
-  <style type="text/css" nonce="ketchup-css-signup">
+  <style type="text/css">
     .active-link {
       color: var(--primary);
     }

diff --git a/cmd/ketchup/templates/suggest.html b/cmd/ketchup/templates/suggest.html
@@ -1,6 +1,6 @@
 {{ define "suggests" }}
   {{ if .Suggests }}
-    <style type="text/css" nonce="ketchup-css-suggests">
+    <style type="text/css">
       .ketchups {
         align-items: center;
         display: flex;