storaged: Make Content-Security-Policy stricter

We haven't yet implemented all the style fixes for the security policy, but we can lock down the code at this point. Closes #4020
cockpit-project · Mar 16, 2016 · 93a47a4 · 93a47a4
1 parent db68753
commit 93a47a4
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 12 deletions.
diff --git a/pkg/storaged/devices.js b/pkg/storaged/devices.js
@@ -17,7 +17,7 @@
  * along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
  */
 
-define([
+require([
     "jquery",
     "base1/cockpit",
     "storage/client",
@@ -26,6 +26,7 @@ define([
     "storage/details",
     "storage/utils",
     "translated!base1/po",
+    "base1/bootstrap-select",
 ], function($, cockpit, client, jobs, overview, details, utils, po) {
     cockpit.locale(po);
     var _ = cockpit.gettext;
@@ -116,5 +117,5 @@ define([
         });
     }
 
-    return init;
+    $(init);
 });
diff --git a/pkg/storaged/index.html b/pkg/storaged/index.html
@@ -31,15 +31,9 @@
     <script src="../system/bundle.js"></script>
     <script src="../shell/shell.js"></script>
     <script src="bundle.js"></script>
-<script>
-    require([
-        "jquery",
-        "storage/devices",
-        "base1/bootstrap-select",
-    ], function($, devices) {
-        $(devices);
-    });
-</script>
+    <!-- debug:start -->
+    <script src="devices.js"></script>
+    <!-- debug:end -->
 </head>
 <body hidden>
 

diff --git a/pkg/storaged/manifest.json b/pkg/storaged/manifest.json
@@ -9,5 +9,5 @@
         }
     },
 
-    "content-security-policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval'"
+    "content-security-policy": "style-src 'self' 'unsafe-inline' 'unsafe-eval'"
 }