Set Angular CSP

If you don't set this flag, Angular helpfully attempts to check if this is disabled by *triggering* a CSP violation just to see what happens... 🙈
2026-02-27 01:43:22 +00:00 · 2021-12-24 20:26:24 +00:00
parent 114a9d8993
commit ce9b64a848
4 changed files with 4 additions and 4 deletions
--- a/app/views/layouts/darkswarm.html.haml
+++ b/app/views/layouts/darkswarm.html.haml
@@ -1,4 +1,4 @@
-%html
+%html{ "ng-csp": "no-unsafe-eval" }
  %head
    %meta{charset: 'utf-8'}/
    %meta{name: 'viewport', content: "width=device-width,initial-scale=1.0"}/
--- a/app/views/layouts/registration.html.haml
+++ b/app/views/layouts/registration.html.haml
@@ -1,4 +1,4 @@
-%html
+%html{ "ng-csp": "no-unsafe-eval" }
  %head
    %meta{charset: 'utf-8'}/
    %meta{name: 'viewport', content: "width=device-width,initial-scale=1.0"}/
--- a/app/views/spree/layouts/admin.html.haml
+++ b/app/views/spree/layouts/admin.html.haml
@@ -1,5 +1,5 @@
 !!!
-%html{:lang => "en"}
+%html{:lang => "en", "ng-csp": "no-unsafe-eval" }
  %head{"data-hook" => "admin_inside_head"}
    = render :partial => 'spree/admin/shared/head'

--- a/app/views/spree/layouts/bare_admin.html.haml
+++ b/app/views/spree/layouts/bare_admin.html.haml
@@ -1,4 +1,4 @@
-%html{ lang: "en" }
+%html{ lang: "en", "ng-csp": "no-unsafe-eval" }
  %head{"data-hook" => "admin_inside_head"}= render :partial => 'spree/admin/shared/head'
  %body.admin{"data-ajax-root-path" => main_app.root_path}
    #wrapper{"data-hook" => ""}