From bb3d4a096633722ae92ed9b69f05f8ee614ec164 Mon Sep 17 00:00:00 2001 From: alokhyland Date: Tue, 19 Nov 2024 12:49:45 +0530 Subject: [PATCH] WEBUI-1446: Manage CSP headers without the insecure unsafe-inline directive --- addons/nuxeo-spreadsheet/webpack.config.js | 5 ----- package.json | 1 - .../src/main/resources/web/nuxeo.war/ui/index.jsp | 10 +++++----- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/addons/nuxeo-spreadsheet/webpack.config.js b/addons/nuxeo-spreadsheet/webpack.config.js index b12b542a71..e9ec5aad6a 100644 --- a/addons/nuxeo-spreadsheet/webpack.config.js +++ b/addons/nuxeo-spreadsheet/webpack.config.js @@ -1,7 +1,6 @@ const { resolve } = require('path'); const { ProvidePlugin } = require('webpack'); const HtmlWebpackPlugin = require('html-webpack-plugin'); -const htmlWebpackInjectAttributesPlugin = require('html-webpack-inject-attributes-plugin'); module.exports = { entry: { @@ -17,9 +16,5 @@ module.exports = { chunks: ['spreadsheet.app'], template: resolve(__dirname, 'app', 'index.html'), }), - /* eslint-disable-next-line new-cap */ - new htmlWebpackInjectAttributesPlugin({ - nonce: 'dummy', - }), ], }; diff --git a/package.json b/package.json index 02640aace8..a5884f071e 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,6 @@ "expose-loader": "^1.0.1", "glob": "^7.1.3", "html-loader": "^1.3.2", - "html-webpack-inject-attributes-plugin": "^1.0.6", "html-webpack-plugin": "^5.6.0", "http-server": "^0.11.1", "husky": "^4.2.3", diff --git a/plugin/web-ui/addon/src/main/resources/web/nuxeo.war/ui/index.jsp b/plugin/web-ui/addon/src/main/resources/web/nuxeo.war/ui/index.jsp index 718c2f0751..c23574fec6 100644 --- a/plugin/web-ui/addon/src/main/resources/web/nuxeo.war/ui/index.jsp +++ b/plugin/web-ui/addon/src/main/resources/web/nuxeo.war/ui/index.jsp @@ -98,15 +98,15 @@ limitations under the License. - + - + - + - + - +