This repository was archived by the owner on Oct 8, 2019. It is now read-only.

Commit e25b0ed

committed
Merge pull request #87 from blockchain/unsafe-inline-css
refactor(CSP): unsafe-inline CSS
2 parents f8504b9 + af3caed commit e25b0ed


3 files changed

+25
-5
lines changed


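--- a/app/index.jade
+++ b/app/index.jade
@@ -181,7 +181,6 @@ head
 }
 
 body(ng-controller="AppCtrl", ui-view="body")
-noscript(style="display:flex; display: -webkit-flex; -webkit-flex-direction: column; flex-direction: column; -webkit-justify-content: center; justify-content: center; -webkit-align-items: center; align-items:center; height: 100%; width: 100%;")
-img(src="/img/logo-bw.png" style="margin-bottom: 3em;")
-h3(style="").
-Please enable JavaScript to use the Blockchain Wallet
+noscript
+img(src="/img/logo-bw.png")
+h3 Please enable JavaScript to use the Blockchain Wallet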

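--- a/assets/css/blockchain.css.scss
+++ b/assets/css/blockchain.css.scss
@@ -121,3 +121,20 @@ html,body {
 }
 }
 .z-10 { z-index: 10; }
+
+noscript {
+display:flex;
+display: -webkit-flex;
+-webkit-flex-direction: column;
+flex-direction: column;
+-webkit-justify-content: center;
+justify-content: center;
+-webkit-align-items: center;
+align-items:center;
+height: 100%;
+width: 100%;
+
+img {
+margin-bottom: 3em;
+}
+}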
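Review bot: In the new `noscript` rule, `display:flex;` is declared before `display: -webkit-flex;`, so a browser that understands both ends up with the prefixed value. The other properties in the rule already put the `-webkit-` form first and the standard one last, so the same order would fit here: `display: -webkit-flex;` then `display: flex;`. The bare `noscript` type selector also applies to every `noscript` element the stylesheet reaches, which is wider than the inline style it replaces; a class on the element would keep the scope the same.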

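--- a/server.coffee
+++ b/server.coffee
@@ -29,7 +29,11 @@ dist = process.env.DIST? && parseInt(process.env.DIST)
 app.configure ->
 app.use (req, res, next) ->
 if req.url == "/"
-res.setHeader "content-security-policy", "img-src 'self' data:; style-src 'self'; frame-src 'self' https://*.youtube.com; script-src 'self' 'sha256-mBeSvdVuQxRa2pGoL8lzKX14b2vKgssqQoW36iRlU9g='; connect-src 'self' *.blockchain.info *.blockchain.com wss://*.blockchain.info https://blockchain.info https://api.sharedcoin.com; object-src 'none'; media-src 'self' data: mediastream: blob:; font-src 'self'"
+# Inline style hashes, in case we want to remove unsafe-inline:
+# 'sha256-vv5i1tRAGZ/gOQeRpI3CEWtvnCpu5FCixlD2ZPu7h84=' : angular-charts
+# 'sha256-47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU=' : angular-charts
+# lots... : jQuery
+res.setHeader "content-security-policy", "img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.youtube.com; script-src 'self' 'sha256-mBeSvdVuQxRa2pGoL8lzKX14b2vKgssqQoW36iRlU9g='; connect-src 'self' *.blockchain.info *.blockchain.com wss://*.blockchain.info https://blockchain.info https://api.sharedcoin.com; object-src 'none'; media-src 'self' data: mediastream: blob:; font-src 'self'"
 res.setHeader "X-Frame-Options", "SAMEORIGIN"
 if req.url.indexOf("beta_key")
 # Don't cache these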
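Review bot: Adding `'unsafe-inline'` to `style-src` on the new `res.setHeader "content-security-policy"` line re-allows every inline `<style>` block and `style=` attribute, so markup injected into the page can again carry its own CSS. The comment above it lists candidate hashes but does not say why they were not used. Hash sources match `<style>` element contents, not `style=` attributes (those need `'unsafe-hashes'` in CSP Level 3), which may be why the jQuery entry reads "lots..."; this is worth confirming and recording. I would extend the comment with something like `# TODO(CSP): 'unsafe-inline' is a stop-gap for angular-charts/jQuery inline styles; remove once they are gone or hashed`. The policy is also only sent when `req.url == "/"` (a context line), so a request such as `/?x` appears to get no CSP header at all; the enclosing `app.use` callback continues outside the hunk.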
