Add nonce to eval in shortcuts.jsadd-nonce-to-shortcuts-eval

Prevents the eval script being blocked when we have CSP rules to disable inline scripts
author: Heinrich Lee Yu <heinrich@gitlab.com> 2019-08-15 14:10:24 +0800
committer: Heinrich Lee Yu <heinrich@gitlab.com> 2019-08-15 14:10:24 +0800
commit: dd9e88eddb24412cfaa82a22c92a9050d44773d0 (patch)
tree: 6ffd96cabcbfdbd881d396553137cd930a1a65c1
parent: ee9f0bb7a534ed2a7d805e934e0df8219a645660 (diff)
download: gitlab-ce-add-nonce-to-shortcuts-eval.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
index eade1283513..7e3515b1f4b 100644
--- a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
+++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
@@ -4,7 +4,7 @@ import Mousetrap from 'mousetrap';
 import axios from '../../lib/utils/axios_utils';
 import { refreshCurrentPage, visitUrl } from '../../lib/utils/url_utility';
 import findAndFollowLink from '../../lib/utils/navigation_utility';
-import { parseBoolean } from '~/lib/utils/common_utils';
+import { parseBoolean, getCspNonceValue } from '~/lib/utils/common_utils';
 
 const defaultStopCallback = Mousetrap.stopCallback;
 Mousetrap.stopCallback = (e, element, combo) => {
@@ -94,7 +94,7 @@ export default class Shortcuts {
         responseType: 'text',
       })
       .then(({ data }) => {
-        $.globalEval(data);
+        $.globalEval(data, { nonce: getCspNonceValue() });
 
         if (location && location.length > 0) {
           const results = [];
author	Heinrich Lee Yu <heinrich@gitlab.com>	2019-08-15 14:10:24 +0800
committer	Heinrich Lee Yu <heinrich@gitlab.com>	2019-08-15 14:10:24 +0800
commit	dd9e88eddb24412cfaa82a22c92a9050d44773d0 (patch)
tree	6ffd96cabcbfdbd881d396553137cd930a1a65c1
parent	ee9f0bb7a534ed2a7d805e934e0df8219a645660 (diff)
download	gitlab-ce-add-nonce-to-shortcuts-eval.tar.gz