fixup! Fixes #25032: Use Content-Security-Policy strict headers in ut…

…ilities pages

Fixes #25032:  Use Content-Security-Policy strict headers in utilities pages

webapp/sources/rudder/rudder-web/src/main/scala/com/normation/rudder/web/services/EventListDisplayer.scala

@@ -39,6 +39,7 @@ package com.normation.rudder.web.services
 import com.normation.box.*
 import com.normation.eventlog.EventLog
 import com.normation.rudder.repository.*
+import com.normation.rudder.web.snippet.WithNonce
 import doobie.*
 import doobie.implicits.*
 import doobie.implicits.javasql.*
@@ -127,12 +128,12 @@ class EventListDisplayer(repos: EventLogRepository) extends Loggable {
 
     val refresh = AnonFunc(SHtml.ajaxInvoke(() => getLastEvents))
 
-    Script(OnLoad(JsRaw(s"""
+    WithNonce.scriptWithNonce(Script(OnLoad(JsRaw(s"""
      var refreshEventLogs = ${refresh.toJsCmd};
      initDatePickers("#filterLogs", ${AnonFunc("param", SHtml.ajaxCall(JsVar("param"), getEventsInterval)._2).toJsCmd});
      createEventLogTable('${gridName}',[], '${S.contextPath}', refreshEventLogs)
      refreshEventLogs();
-    """)))
+    """))))
   }
 
 }

webapp/sources/rudder/rudder-web/src/main/scala/com/normation/rudder/web/snippet/administration/Archives.scala

@@ -48,6 +48,7 @@ import com.normation.rudder.git.GitArchiveId
 import com.normation.rudder.git.GitCommitId
 import com.normation.rudder.repository.*
 import com.normation.rudder.users.CurrentUser
+import com.normation.rudder.web.snippet.WithNonce
 import com.normation.utils.DateFormaterService
 import net.liftweb.common.*
 import net.liftweb.http.*
@@ -383,22 +384,26 @@ class Archives extends DispatchSnippet with Loggable {
     } &
     ("#" + restoreButtonId) #> {
       (SHtml.ajaxSubmit(restoreButtonName, restore _, ("id" -> restoreButtonId), ("class", "btn btn-default")) ++
-      Script(
-        OnLoad(
-          JsRaw(
-            """enableIfNonEmpty("%s", "%s");$("#%s").prop("disabled",true);"""
-              .format(archiveDateSelectId, restoreButtonId, restoreButtonId)
+      WithNonce.scriptWithNonce(
+        Script(
+          OnLoad(
+            JsRaw(
+              """enableIfNonEmpty("%s", "%s");$("#%s").prop("disabled",true);"""
+                .format(archiveDateSelectId, restoreButtonId, restoreButtonId)
+            )
           )
         )
       )): NodeSeq
     } &
     ("#" + downloadButtonId) #> {
       (SHtml.ajaxSubmit(downloadButtonName, download _, ("id" -> downloadButtonId), ("class", "btn btn-default")) ++
-      Script(
-        OnLoad(
-          JsRaw(
-            """enableIfNonEmpty("%s", "%s");$("#%s").prop("disabled",true);"""
-              .format(archiveDateSelectId, downloadButtonId, downloadButtonId)
+      WithNonce.scriptWithNonce(
+        Script(
+          OnLoad(
+            JsRaw(
+              """enableIfNonEmpty("%s", "%s");$("#%s").prop("disabled",true);"""
+                .format(archiveDateSelectId, downloadButtonId, downloadButtonId)
+            )
           )
         )
       )): NodeSeq

webapp/sources/rudder/rudder-web/src/main/webapp/secure/utilities/archiveManagement.html

@@ -1,7 +1,7 @@
 <lift:surround data-lift="with-enabled-csp" with="common-layout" at="content">
 
 <head>
-  <title>Rudder - Archives - Blabla</title>
+  <title>Rudder - Archives</title>
   <style>
     .rudder-template > .one-col{
       flex: 1;

webapp/sources/rudder/rudder-web/src/main/webapp/secure/utilities/eventLogs.html

@@ -1,4 +1,4 @@
-<lift:surround with="common-layout" at="content">
+<lift:surround data-lift="with-enabled-csp" with="common-layout" at="content">
 
   <head_merge>
     <title>Rudder - Event logs</title>
@@ -69,7 +69,7 @@ <h1>
       </div>
     </div>
   </div>
-  <script id="rollbackBlock" type="text/template">
+  <script data-lift="with-nonce" id="rollbackBlock" type="text/template">
     <div class='rollbackDisplay'>
       <fieldset class='rollbackFieldSet'>
         <legend>Rollback</legend>