Change nonce length to a constant

Seednode 2024-01-30 13:27:45 -06:00
parent dbe3bbe0d6
commit 3814e10f20
9 changed files with 13 additions and 11 deletions


@ -31,7 +31,7 @@ func notFound(w http.ResponseWriter, r *http.Request, path string) error {
w.WriteHeader(http.StatusNotFound) w.WriteHeader(http.StatusNotFound)
w.Header().Add("Content-Type", "text/html") w.Header().Add("Content-Type", "text/html")
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
@ -57,7 +57,7 @@ func serverError(w http.ResponseWriter, r *http.Request, i interface{}) {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
w.Header().Add("Content-Type", "text/html") w.Header().Add("Content-Type", "text/html")
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))
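Review bot: In both notFound and serverError the `w.WriteHeader(...)` call comes before the `w.Header().Add(...)` lines, and net/http ignores header changes made after WriteHeader, so neither the Content-Type nor the nonce-bearing Content-Security-Policy header reaches the client on these error pages. Since the commit already touches the nonce line in each function, move the status call below the header setup, i.e. the two `w.Header().Add(...)` lines first and then `w.WriteHeader(http.StatusNotFound)` (`http.StatusInternalServerError` in serverError). Both function bodies continue outside the hunks shown, so confirm nothing earlier has already written to the response.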


@ -17,7 +17,7 @@ import (
const ( const (
AllowedCharacters string = `^[A-z0-9.\-_]+$` AllowedCharacters string = `^[A-z0-9.\-_]+$`
ReleaseVersion string = "8.2.0" ReleaseVersion string = "8.3.0"
) )
var ( var (


@ -15,7 +15,7 @@ import (
type Format struct{} type Format struct{}
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))


@ -26,7 +26,7 @@ type Format struct {
} }
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';", nonce))
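Review bot: The nonce appears only in `default-src`, but this policy also sets `script-src 'self' 'unsafe-inline'` and `style-src 'self' 'unsafe-inline'`, and an explicit directive replaces the default-src fallback, so for scripts and styles the nonce is never consulted and any inline script or style is allowed. The same applies to the CSP method in the next file section, which sets `script-src 'self' 'unsafe-inline'`. If the templates can carry the nonce attribute, put the nonce where it is enforced, e.g. `script-src 'self' 'nonce-%s'; style-src 'self' 'nonce-%s';`, and drop 'unsafe-inline'; otherwise a comment explaining why inline content is required for this format would help. The CSP body continues outside the hunk, so how the returned nonce is used in the markup is not visible here.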


@ -15,7 +15,7 @@ import (
type Format struct{} type Format struct{}
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s'; script-src 'self' 'unsafe-inline'", nonce))


@ -32,7 +32,7 @@ type Format struct {
} }
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))


@ -18,7 +18,7 @@ import (
type Format struct{} type Format struct{}
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))


@ -13,6 +13,8 @@ import (
"strings" "strings"
) )
const NonceLength = 6
var SupportedFormats = make(Types) var SupportedFormats = make(Types)
type Type interface { type Type interface {
@ -136,8 +138,8 @@ func removeDuplicateStr(strSlice []string) []string {
return list return list
} }
func GetNonce(length int) string { func GetNonce() string {
b := make([]byte, length) b := make([]byte, NonceLength)
if _, err := rand.Read(b); err != nil { if _, err := rand.Read(b); err != nil {
return "" return ""
} }
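Review bot: `const NonceLength = 6` fixes the nonce at 6 random bytes (48 bits), while the CSP specification recommends at least 128 bits for a nonce; now that the length lives in one place, `const NonceLength = 16` would meet that. GetNonce also returns `""` when `rand.Read` fails, and the callers format the result straight into the header as `'nonce-'`, so consider logging or surfacing that error instead of swallowing it. The import block is not part of the hunk, so confirm that `rand` is crypto/rand rather than math/rand. A doc comment on the exported constant, e.g. `// NonceLength is the number of random bytes in a CSP nonce.`, would state the unit; the rest of GetNonce lies outside the hunk.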


@ -16,7 +16,7 @@ import (
type Format struct{} type Format struct{}
func (t Format) CSP(w http.ResponseWriter) string { func (t Format) CSP(w http.ResponseWriter) string {
nonce := types.GetNonce(6) nonce := types.GetNonce()
w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce)) w.Header().Add("Content-Security-Policy", fmt.Sprintf("default-src 'self' 'nonce-%s';", nonce))