From 289edc973cbee6e6cdfb97ee5c1c8b3b732e5c1f Mon Sep 17 00:00:00 2001
From: Butter Cat
Date: Fri, 17 Nov 2023 09:29:24 -0500
Subject: [PATCH] Add support for using a nonce with the Content-Security-Policy header

---
 nitter.example.conf   | 1 +
 src/config.nim        | 1 +
 src/types.nim         | 1 +
 src/views/general.nim | 6 +++---
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/nitter.example.conf b/nitter.example.conf
index f0b4214..4fbf20e 100644
--- a/nitter.example.conf
+++ b/nitter.example.conf
@@ -21,6 +21,7 @@ redisMaxConnections = 30
 
 [Config]
 hmacKey = "secretkey" # random key for cryptographic signing of video urls
+nonceString = "secretstring" # random string for the Content-Security-Policy header with script-src
 base64Media = false # use base64 encoding for proxied media urls
 enableRSS = true # set this to false to disable RSS feeds
 enableDebug = false # enable request logs and debug endpoints (/.accounts)
diff --git a/src/config.nim b/src/config.nim
index 1b05ffe..3e14a33 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -35,6 +35,7 @@ proc getConfig*(path: string): (Config, parseCfg.Config) =
 
     # Config
     hmacKey: cfg.get("Config", "hmacKey", "secretkey"),
+    nonceString: cfg.get("Config", "nonceString", "secretstring"),
     base64Media: cfg.get("Config", "base64Media", false),
     minTokens: cfg.get("Config", "tokenCount", 10),
     enableRss: cfg.get("Config", "enableRSS", true),
diff --git a/src/types.nim b/src/types.nim
index 3b0d55c..f1db729 100644
--- a/src/types.nim
+++ b/src/types.nim
@@ -256,6 +256,7 @@ type
     staticDir*: string
 
     hmacKey*: string
+    nonceString*: string
     base64Media*: bool
     minTokens*: int
     enableRss*: bool
diff --git a/src/views/general.nim b/src/views/general.nim
index 5e96d02..b161fd8 100644
--- a/src/views/general.nim
+++ b/src/views/general.nim
@@ -73,11 +73,11 @@ proc renderHead*(prefs: Prefs; cfg: Config; req: Request; titleText=""; desc="";
       link(rel="alternate", type="application/rss+xml", href=rss, title="RSS feed")
 
     if prefs.hlsPlayback:
-      script(src="/js/hls.light.min.js", `defer`="")
-      script(src="/js/hlsPlayback.js", `defer`="")
+      script(nonce=cfg.nonceString, src="/js/hls.light.min.js", `defer`="")
+      script(nonce=cfg.nonceString, src="/js/hlsPlayback.js", `defer`="")
 
     if prefs.infiniteScroll:
-      script(src="/js/infiniteScroll.js", `defer`="")
+      script(nonce=cfg.nonceString, src="/js/infiniteScroll.js", `defer`="")
 
     title:
       if titleText.len > 0:
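Review bot: The value passed as `nonce=cfg.nonceString` in the three added `script(...)` lines is a fixed string read from the config file, but a CSP `nonce-` source only restricts script injection when the value is unpredictable and freshly generated for every response; a constant that is rendered into every page's HTML is learnable from any one page and so effectively gives no more protection than `'unsafe-inline'` while looking like a hardened policy. The same fixed value is introduced by the src/config.nim hunk (with a shipped default of `"secretstring"` that deployments will likely leave unchanged), the src/types.nim field and the nitter.example.conf entry. I would instead generate the nonce per request (e.g. `base64.encode(urandom(16))` from `std/sysrand`), hand it to renderHead together with the request, and emit the identical value in the Content-Security-Policy header, which this patch does not touch; the `nonceString` config key and `Config` field would then be unnecessary. renderHead's body continues outside the hunk.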