Merge branch 'sh-support-csp-nonce' into 'master'

Add support for Content-Security-Policy Closes #65330 See merge request gitlab-org/gitlab-ce!31402
author: Ash McKenzie <amckenzie@gitlab.com> 2019-08-07 05:03:05 +0000
committer: Ash McKenzie <amckenzie@gitlab.com> 2019-08-07 05:03:05 +0000
commit: 6cafa7002738f33c212b9f72d9b0f66b386c6faf (patch)
tree: d156193d59dcda4f3e2e3e20d805884fcb956278 /app/assets
parent: 3f392969902e91f8ace18891544e9357a69bfd08 (diff)
parent: 5fbbd3dd6e965f76ecf1767373bddd236a78a4be (diff)
download: gitlab-ce-6cafa7002738f33c212b9f72d9b0f66b386c6faf.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/app/assets/javascripts/lib/utils/common_utils.js b/app/assets/javascripts/lib/utils/common_utils.js
index 5e90893b684..31c4a920bbe 100644
--- a/app/assets/javascripts/lib/utils/common_utils.js
+++ b/app/assets/javascripts/lib/utils/common_utils.js
@@ -44,6 +44,11 @@ export const isInIssuePage = () => checkPageAndAction('issues', 'show');
 export const isInMRPage = () => checkPageAndAction('merge_requests', 'show');
 export const isInEpicPage = () => checkPageAndAction('epics', 'show');
 
+export const getCspNonceValue = () => {
+  const metaTag = document.querySelector('meta[name=csp-nonce]');
+  return metaTag && metaTag.content;
+};
+
 export const ajaxGet = url =>
   axios
     .get(url, {
@@ -51,7 +56,7 @@ export const ajaxGet = url =>
       responseType: 'text',
     })
     .then(({ data }) => {
-      $.globalEval(data);
+      $.globalEval(data, { nonce: getCspNonceValue() });
     });
 
 export const rstrip = val => {
author	Ash McKenzie <amckenzie@gitlab.com>	2019-08-07 05:03:05 +0000
committer	Ash McKenzie <amckenzie@gitlab.com>	2019-08-07 05:03:05 +0000
commit	6cafa7002738f33c212b9f72d9b0f66b386c6faf (patch)
tree	d156193d59dcda4f3e2e3e20d805884fcb956278 /app/assets
parent	3f392969902e91f8ace18891544e9357a69bfd08 (diff)
parent	5fbbd3dd6e965f76ecf1767373bddd236a78a4be (diff)
download	gitlab-ce-6cafa7002738f33c212b9f72d9b0f66b386c6faf.tar.gz