remove script hash
This commit is contained in:
parent
a8ad8b22ff
commit
e5b9ad70e8
|
@ -1,13 +1,6 @@
|
||||||
import React from 'react';
|
import React from 'react';
|
||||||
import Document, { Html, Head, Main, NextScript } from 'next/document';
|
import Document, { Html, Head, Main, NextScript } from 'next/document';
|
||||||
import { ServerStyleSheet } from 'styled-components';
|
import { ServerStyleSheet } from 'styled-components';
|
||||||
import crypto from 'crypto';
|
|
||||||
|
|
||||||
const cspHashOf = (text) => {
|
|
||||||
const hash = crypto.createHash('sha256');
|
|
||||||
hash.update(text);
|
|
||||||
return `'sha256-${hash.digest('base64')}'`;
|
|
||||||
};
|
|
||||||
|
|
||||||
export default class MyDocument extends Document {
|
export default class MyDocument extends Document {
|
||||||
static async getInitialProps(ctx) {
|
static async getInitialProps(ctx) {
|
||||||
|
@ -37,17 +30,9 @@ export default class MyDocument extends Document {
|
||||||
}
|
}
|
||||||
|
|
||||||
render() {
|
render() {
|
||||||
const scriptDirectiveWithHash = `script-src 'unsafe-inline' 'self' ${cspHashOf(
|
|
||||||
NextScript.getInlineScriptSource(this.props)
|
|
||||||
)};`;
|
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<Html lang="en">
|
<Html lang="en">
|
||||||
<Head>
|
<Head>
|
||||||
<meta
|
|
||||||
httpEquiv="Content-Security-Policy-Report-Only"
|
|
||||||
content={scriptDirectiveWithHash}
|
|
||||||
/>
|
|
||||||
<meta
|
<meta
|
||||||
name="description"
|
name="description"
|
||||||
content="ente is a privacy focussed photo storage service that offers end-to-end encryption."
|
content="ente is a privacy focussed photo storage service that offers end-to-end encryption."
|
||||||
|
|
Loading…
Reference in a new issue