more using nonce

mbta · Nov 22, 2024 · a77dde6 · a77dde6
1 parent 2fcee43
commit a77dde6
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 1 deletion.
diff --git a/lib/dotcom_web/templates/fare/proposed_sales_locations.html.heex b/lib/dotcom_web/templates/fare/proposed_sales_locations.html.heex
@@ -38,6 +38,7 @@
           src={static_url(@conn, "/js/tnm.js")}
           integrity={static_integrity(@conn, "/js/tnm.js")}
           crossorigin="anonymous"
+          nonce={assigns[:nonce]}
         >
         </script>
       <% end %>

diff --git a/lib/dotcom_web/templates/fare/retail_sales_locations.html.heex b/lib/dotcom_web/templates/fare/retail_sales_locations.html.heex
@@ -23,6 +23,7 @@
           src={static_url(@conn, "/js/tnm.js")}
           integrity={static_integrity(@conn, "/js/tnm.js")}
           crossorigin="anonymous"
+          nonce={assigns[:nonce]}
         >
         </script>
       <% end %>

diff --git a/lib/dotcom_web/templates/layout/root.html.heex b/lib/dotcom_web/templates/layout/root.html.heex
@@ -79,20 +79,23 @@
       href={static_url(@conn, "/css/core.css")}
       integrity={static_integrity(@conn, "/css/core.css")}
       crossorigin="anonymous"
+      nonce={assigns[:nonce]}
     />
     <link
       :if={!dev_server?}
       rel="stylesheet"
       href={static_url(@conn, "/css/app.css")}
       integrity={static_integrity(@conn, "/css/app.css")}
       crossorigin="anonymous"
+      nonce={assigns[:nonce]}
     />
     <script
       :if={!dev_server?}
       defer
       src={static_url(@conn, "/js/vendors.js")}
       integrity={static_integrity(@conn, "/js/vendors.js")}
       crossorigin="anonymous"
+      nonce={assigns[:nonce]}
     >
     </script>
     <script
@@ -101,6 +104,7 @@
       src={static_url(@conn, "/js/app.js")}
       integrity={static_integrity(@conn, "/js/app.js")}
       crossorigin="anonymous"
+      nonce={assigns[:nonce]}
     >
     </script>
   </head>
@@ -151,6 +155,7 @@
       src={static_url(@conn, "/js/react.js")}
       integrity={static_integrity(@conn, "/js/react.js")}
       crossorigin="anonymous"
+      nonce={assigns[:nonce]}
     >
     </script>
     <%!-- End unnecessary scripts --%>

diff --git a/lib/dotcom_web/templates/layout/style_guide.html.eex b/lib/dotcom_web/templates/layout/style_guide.html.eex
@@ -37,7 +37,7 @@
         </div>
       </main>
       <footer></footer>
-      <script src="<%= static_url(@conn, "/js/app.js") %>"></script>
+      <script nonce={assigns[:nonce]} src="<%= static_url(@conn, "/js/app.js") %>"></script>
     </div>
   </body>
 </html>
diff --git a/lib/dotcom_web/templates/project/index.html.heex b/lib/dotcom_web/templates/project/index.html.heex
@@ -7,13 +7,15 @@
     src={static_url(@conn, "/js/react.js")}
     integrity={static_integrity(@conn, "/js/react.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
   <script
     defer
     src={static_url(@conn, "/js/projects.js")}
     integrity={static_integrity(@conn, "/js/projects.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
 <% end %>

diff --git a/lib/dotcom_web/templates/schedule/_line.html.heex b/lib/dotcom_web/templates/schedule/_line.html.heex
@@ -25,6 +25,7 @@
   href={static_url(@conn, "/css/map.css")}
   integrity={static_integrity(@conn, "/css/map.css")}
   crossorigin="anonymous"
+  nonce={assigns[:nonce]}
 />
 <%= if Application.get_env(:dotcom, :dev_server?) do %>
   <script defer src={"#{Application.get_env(:dotcom, :webpack_path)}/schedule.js"}>
@@ -35,13 +36,15 @@
     src={static_url(@conn, "/js/react.js")}
     integrity={static_integrity(@conn, "/js/react.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
   <script
     defer
     src={static_url(@conn, "/js/schedule.js")}
     integrity={static_integrity(@conn, "/js/schedule.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
 <% end %>

diff --git a/lib/dotcom_web/templates/stop/show.html.heex b/lib/dotcom_web/templates/stop/show.html.heex
@@ -3,6 +3,7 @@
   href={static_url(@conn, "/css/map.css")}
   integrity={static_integrity(@conn, "/css/map.css")}
   crossorigin="anonymous"
+  nonce={assigns[:nonce]}
 />
 <div>
   <div id="react-stop-root" data-mbta-stop-id={@stop_id}></div>
@@ -17,20 +18,23 @@
     src={static_url(@conn, "/js/react.js")}
     integrity={static_integrity(@conn, "/js/react.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
   <script
     defer
     src={static_url(@conn, "/js/leaflet.js")}
     integrity={static_integrity(@conn, "/js/leaflet.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
   <script
     defer
     src={static_url(@conn, "/js/stop.js")}
     integrity={static_integrity(@conn, "/js/stop.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
 <% end %>
diff --git a/lib/dotcom_web/templates/transit_near_me/index.html.heex b/lib/dotcom_web/templates/transit_near_me/index.html.heex
@@ -10,6 +10,7 @@
   href={static_url(@conn, "/css/map.css")}
   integrity={static_integrity(@conn, "/css/map.css")}
   crossorigin="anonymous"
+  nonce={assigns[:nonce]}
 />
 <script data-for="tnm-map" id="js-tnm-map-dynamic-data" type="text/plain">
   <%= raw Poison.encode!(@map_data) %>
@@ -30,13 +31,15 @@
     src={static_url(@conn, "/js/react.js")}
     integrity={static_integrity(@conn, "/js/react.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
   <script
     defer
     src={static_url(@conn, "/js/tnm.js")}
     integrity={static_integrity(@conn, "/js/tnm.js")}
     crossorigin="anonymous"
+    nonce={assigns[:nonce]}
   >
   </script>
 <% end %>
diff --git a/lib/dotcom_web/templates/trip_plan/index.html.heex b/lib/dotcom_web/templates/trip_plan/index.html.heex
@@ -8,6 +8,7 @@
         href={static_url(@conn, "/css/map.css")}
         integrity={static_integrity(@conn, "/css/map.css")}
         crossorigin="anonymous"
+        nonce={assigns[:nonce]}
       />
       <%= case assigns[:query] do %>
         <% %{itineraries: {:ok, _}} -> %>
@@ -39,13 +40,15 @@
               src={static_url(@conn, "/js/react.js")}
               integrity={static_integrity(@conn, "/js/react.js")}
               crossorigin="anonymous"
+              nonce={assigns[:nonce]}
             >
             </script>
             <script
               defer
               src={static_url(@conn, "/js/tripplanresults.js")}
               integrity={static_integrity(@conn, "/js/tripplanresults.js")}
               crossorigin="anonymous"
+              nonce={assigns[:nonce]}
             >
             </script>
           <% end %>
@@ -66,6 +69,7 @@
               href={static_url(@conn, "/css/map.css")}
               integrity={static_integrity(@conn, "/css/map.css")}
               crossorigin="anonymous"
+              nonce={assigns[:nonce]}
             />
             <div class="trip-plan-initial-map map" id="react-root"></div>
             <%= if Application.get_env(:dotcom, :dev_server?) do %>
@@ -80,13 +84,15 @@
                 src={static_url(@conn, "/js/react.js")}
                 integrity={static_integrity(@conn, "/js/react.js")}
                 crossorigin="anonymous"
+                nonce={assigns[:nonce]}
               >
               </script>
               <script
                 defer
                 src={static_url(@conn, "/js/tripplanner.js")}
                 integrity={static_integrity(@conn, "/js/tripplanner.js")}
                 crossorigin="anonymous"
+                nonce={assigns[:nonce]}
               >
               </script>
             <% end %>