UW-31847 Switch to config driven nonce

urbn · Sep 7, 2023 · 41324f2 · 41324f2
1 parent d54d16a
commit 41324f2
Showing 1 changed file with 6 additions and 11 deletions.
diff --git a/src/renderer.js b/src/renderer.js
@@ -84,23 +84,13 @@ function createRenderer(bundle, options, config) {
     }, config.rendererOpts));
 }
 
-function addNonceToScriptTags(html, nonce) {
-    if (!nonce || !html) {
-        return html;
-    }
-    return html
-        .replace(/<script/g, `<script nonce="${nonce}"`)
-        .replace(/as="script">/g, `nonce="${nonce}" as="script">`);
-}
-
 function renderToString(config, context, res, cb) {
     renderers[config.name].renderToString(context,
         (err, html) => {
-            const nonceIncludedHTML = addNonceToScriptTags(html, res.locals.cspNonce);
             if (err) {
                 config.errorHandler(err, res, cb);
             } else {
-                res.send(nonceIncludedHTML);
+                res.send(html);
                 cb();
             }
         },
@@ -133,6 +123,11 @@ function render(config, clientManifest, req, res) {
 
     res.setHeader('Content-Type', 'text/html');
 
+    if (res.locals.cspNonce) {
+        // eslint-disable-next-line no-param-reassign
+        config.nonce = res.locals.cspNonce;
+    }
+
     // Render the appropriate Vue components into the renderer template
     // using the server render logic in entry-server.js
     const renderFn = config.stream ? renderToStream : renderToString;