Skip to content

Commit

Permalink
feat: Enable CSP with nonce
Browse files Browse the repository at this point in the history
  • Loading branch information
@andreituicu
andreituicu committed Feb 11, 2025
1 parent 8ffdad1 commit 025d6b1
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 7 deletions.
13 changes: 9 additions & 4 deletions 404.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,20 @@
<html>

<head>
<meta
http-equiv="Content-Security-Policy"
content="script-src 'nonce-aem' 'strict-dynamic'; base-uri 'self'; object-src 'none';"
move-as-header="true"
>
<title>Page not found</title>
<script type="text/javascript">
<script nonce="aem" type="text/javascript">
window.isErrorPage = true;
window.errorCode = '404';
</script>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:title" content="Page not found">
<script src="/scripts/scripts.js" type="module" crossorigin="use-credentials"></script>
<script type="module">
<script nonce="aem" src="/scripts/scripts.js" type="module" crossorigin="use-credentials"></script>
<script nonce="aem" type="module">
window.addEventListener('load', () => {
if (document.referrer) {
const { origin, pathname } = new URL(document.referrer);
Expand All @@ -26,7 +31,7 @@
}
});
</script>
<script type="module">
<script nonce="aem" type="module">
import { sampleRUM } from '/scripts/lib-franklin.js';
import { applyRedirects } from '/scripts/redirects.js';
await applyRedirects();
Expand Down
11 changes: 8 additions & 3 deletions head.html
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
<!-- v7 -->
<meta
http-equiv="Content-Security-Policy"
content="script-src 'nonce-aem' 'strict-dynamic'; base-uri 'self'; object-src 'none';"
move-as-header="true"
>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<script src="/scripts/lib-franklin.js" type="module"></script>
<script src="/scripts/scripts.js" type="module"></script>
<script src="/scripts/indexing-test.js?date=2024-08-16" type="module"></script>
<script nonce="aem" src="/scripts/lib-franklin.js" type="module"></script>
<script nonce="aem" src="/scripts/scripts.js" type="module"></script>
<script nonce="aem" src="/scripts/indexing-test.js?date=2024-08-16" type="module"></script>
<link rel="stylesheet" href="/styles/styles.css"/>

0 comments on commit 025d6b1

Please sign in to comment.