From aa5d73959f8c6d35495d85170b780d3d95cd426a Mon Sep 17 00:00:00 2001
From: Vincent Boutour
Date: Sat, 16 Oct 2021 00:16:51 +0200
Subject: [PATCH] refactor: Removing nonce for js and css, waiting for better implem

Signed-off-by: Vincent Boutour
---
 README.md | 2 +-
 cmd/ketchup/api.go | 2 +-
 cmd/ketchup/templates/index.html | 4 ++--
 cmd/ketchup/templates/ketchup.html | 4 ++--
 cmd/ketchup/templates/public.html | 2 +-
 cmd/ketchup/templates/suggest.html | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 13c64bf9..4c354199 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,7 @@ Usage of ketchup:
 -corsOrigin string
 [cors] Access-Control-Allow-Origin {KETCHUP_CORS_ORIGIN} (default "*")
 -csp string
- [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'")
+ [owasp] Content-Security-Policy {KETCHUP_CSP} (default "default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'")
 -dbHost string
 [db] Host {KETCHUP_DB_HOST}
 -dbMaxConn uint
diff --git a/cmd/ketchup/api.go b/cmd/ketchup/api.go
index e9ade0c3..233504ae 100644
--- a/cmd/ketchup/api.go
+++ b/cmd/ketchup/api.go
@@ -67,7 +67,7 @@ func main() {
 alcotestConfig := alcotest.Flags(fs, "")
 loggerConfig := logger.Flags(fs, "logger")
 prometheusConfig := prometheus.Flags(fs, "prometheus", flags.NewOverride("Gzip", false))
- owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ketchup-js-main' 'nonce-ketchup-js-create'; style-src 'self' 'nonce-ketchup-css-main' 'nonce-ketchup-css-ketchups' 'nonce-ketchup-css-suggests' 'nonce-ketchup-css-signup'"))
+ owaspConfig := owasp.Flags(fs, "", flags.NewOverride("Csp", "default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"))
 corsConfig := cors.Flags(fs, "cors")
 rendererConfig := renderer.Flags(fs, "", flags.NewOverride("Title", "Ketchup"), flags.NewOverride("PublicURL", "https://ketchup.vibioh.fr"))
diff --git a/cmd/ketchup/templates/index.html b/cmd/ketchup/templates/index.html
index 8f215495..30acd183 100644
--- a/cmd/ketchup/templates/index.html
+++ b/cmd/ketchup/templates/index.html
@@ -1,5 +1,5 @@
 {{ define "main-style" }}
-
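Review bot: The new default on the `owaspConfig` line puts `'unsafe-inline'` into both `script-src` and `style-src`, which removes the inline-script blocking that the previous nonce-based default provided, so any HTML-injection flaw in the rendered templates becomes script execution in the browser again. The commit message calls this a stop-gap, but nothing in the code says so; a comment on the override such as `// TODO: 'unsafe-inline' is a temporary replacement for the per-block nonces; restore nonce- or hash-based sources for inline script and style` would keep the weakened default from silently becoming permanent. If only the inline style blocks need it, keeping `'unsafe-inline'` on `style-src` alone and allowlisting the few inline scripts with `'sha256-<hash>'` source expressions (placeholder; compute from the template content) would retain most of the protection without the nonce plumbing. Operators who set `KETCHUP_CSP` explicitly are unaffected, so it may also be worth stating in the README that the stricter policy is still usable via that flag. `main()` starts before and continues after this hunk.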