From ce9b64a848e5f31d2af6156b552cfeac28cb3522 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Fri, 24 Dec 2021 20:26:24 +0000
Subject: [PATCH] Set Angular CSP

If you don't set this flag, Angular helpfully attempts to check if this is disabled by *triggering* a CSP violation just to see what happens... :see_no_evil:
---
 app/views/layouts/darkswarm.html.haml | 2 +-
 app/views/layouts/registration.html.haml | 2 +-
 app/views/spree/layouts/admin.html.haml | 2 +-
 app/views/spree/layouts/bare_admin.html.haml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/views/layouts/darkswarm.html.haml b/app/views/layouts/darkswarm.html.haml
index caa8c9fe06..fedbcdddfc 100644
--- a/app/views/layouts/darkswarm.html.haml
+++ b/app/views/layouts/darkswarm.html.haml
@@ -1,4 +1,4 @@
-%html
+%html{ "ng-csp": "no-unsafe-eval" }
 %head
 %meta{charset: 'utf-8'}/
 %meta{name: 'viewport', content: "width=device-width,initial-scale=1.0"}/
diff --git a/app/views/layouts/registration.html.haml b/app/views/layouts/registration.html.haml
index ad947d5a1f..7ad2a4427f 100644
--- a/app/views/layouts/registration.html.haml
+++ b/app/views/layouts/registration.html.haml
@@ -1,4 +1,4 @@
-%html
+%html{ "ng-csp": "no-unsafe-eval" }
 %head
 %meta{charset: 'utf-8'}/
 %meta{name: 'viewport', content: "width=device-width,initial-scale=1.0"}/
diff --git a/app/views/spree/layouts/admin.html.haml b/app/views/spree/layouts/admin.html.haml
index 530b83bdb5..2895809887 100644
--- a/app/views/spree/layouts/admin.html.haml
+++ b/app/views/spree/layouts/admin.html.haml
@@ -1,5 +1,5 @@
 !!!
-%html{:lang => "en"}
+%html{:lang => "en", "ng-csp": "no-unsafe-eval" }
 %head{"data-hook" => "admin_inside_head"}
 = render :partial => 'spree/admin/shared/head'
diff --git a/app/views/spree/layouts/bare_admin.html.haml b/app/views/spree/layouts/bare_admin.html.haml
index 2ad44e016e..22955e8f9e 100644
--- a/app/views/spree/layouts/bare_admin.html.haml
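Review bot: `"ng-csp": "no-unsafe-eval"` on the new `%html` line stops AngularJS from using (and probing for) `eval`, but in this form it still tells Angular that injecting inline styles is allowed. The policy header is not part of this diff, so if its `style-src` omits `'unsafe-inline'`, Angular's injected ng-cloak/ng-hide rules would presumably be blocked and reported; the value would then need to be `"no-unsafe-eval;no-inline-style"` with `angular-csp.css` loaded from the layout. The same applies to the `%html` lines in registration.html.haml, spree/layouts/admin.html.haml and bare_admin.html.haml. A one-line HAML comment above the tag, e.g. `-# ng-csp: keeps AngularJS from probing CSP via new Function(); inline styles are still injected`, would record why this value was chosen.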
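Review bot: The new `%html` line in spree/layouts/admin.html.haml mixes hashrocket and colon-style keys and has uneven brace spacing, `{:lang => "en", "ng-csp": "no-unsafe-eval" }`. The visible context lines of this layout use hashrockets with string keys, so `%html{:lang => "en", "ng-csp" => "no-unsafe-eval"}` would read consistently. This is a style point only; the rendered attribute is the same.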
+++ b/app/views/spree/layouts/bare_admin.html.haml
@@ -1,4 +1,4 @@
-%html{ lang: "en" }
+%html{ lang: "en", "ng-csp": "no-unsafe-eval" }
 %head{"data-hook" => "admin_inside_head"}= render :partial => 'spree/admin/shared/head'
 %body.admin{"data-ajax-root-path" => main_app.root_path}
 #wrapper{"data-hook" => ""}