From 2fc6a521c37976122a633155f547640fe88830b0 Mon Sep 17 00:00:00 2001
From: regalijan
Date: Thu, 19 Oct 2023 16:50:23 -0400
Subject: [PATCH] Set nonces for inline scripts
---
 app/root.tsx | 2 +-
 functions/_middleware.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/root.tsx b/app/root.tsx
index f419f52..9704d3e 100644
--- a/app/root.tsx
+++ b/app/root.tsx
@@ -157,7 +157,7 @@ function getMarkup(
{children} - +
diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 02ed8e9..84e461f 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -106,7 +106,7 @@ async function setHeaders(context: RequestContext) {
 response.headers.set(
 "Content-Security-Policy",
- `connect-src https://o1071757.ingest.sentry.io https://storage.googleapis.com 'self'; default-src 'self'; frame-src https://challenges.cloudflare.com; img-src https://cdn.discordapp.com https://mediaproxy.carcrushers.cc 'self'; media-src https://mediaproxy.carcrushers.cc; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script-src https://challenges.cloudflare.com 'self'; style-src nonce-${nonce} 'self'`,
+ `connect-src https://o1071757.ingest.sentry.io https://storage.googleapis.com 'self'; default-src 'self'; frame-src https://challenges.cloudflare.com; img-src https://cdn.discordapp.com https://mediaproxy.carcrushers.cc 'self'; media-src https://mediaproxy.carcrushers.cc; report-uri https://o1071757.ingest.sentry.io/api/6069431/security/?sentry_key=3d2b34700e6942f9b739cd8b2001f70f; script-src https://challenges.cloudflare.com nonce-${nonce} 'self'; style-src nonce-${nonce} 'self'`,
 );
 response.headers.set("Permissions-Policy", "clipboard-write=(self)");
 response.headers.set("Referrer-Policy", "same-origin");
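Review bot: The `nonce-${nonce}` token added to `script-src` is not wrapped in single quotes, so browsers will not treat it as a nonce source; CSP only recognises the quoted form, and an unquoted token is read as a host expression or discarded as invalid. As written, the nonced inline scripts would still be blocked, and the `style-src nonce-${nonce}` already on this line has the same problem. I would change the tail of the policy to `script-src https://challenges.cloudflare.com 'nonce-${nonce}' 'self'; style-src 'nonce-${nonce}' 'self'`. How `nonce` is generated is outside this hunk, so please confirm it is a fresh, unpredictable value per response and is the same value written to the `nonce` attribute in app/root.tsx. The body of setHeaders continues outside the hunk.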