Skip to content

Commit faf494f

Browse files
NickCraverNickCraver
authored
Fix for MiniProfiler#560 - propagate nonce to <link> (MiniProfiler#565)
This propagates the `nonce` attribute to the generated <link> element as it should for proper CSP handling.
1 parent 4408692 commit faf494f

File tree

2 files changed

+4
-1
lines changed

2 files changed

+4
-1
lines changed

docs/Releases.md

+1
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ This page tracks major changes included in any update starting with version 4.0.
88
#### Unreleased
99
- **New**:
1010
- Added an option to control `SpacesAfterCommas` to `InlineSqlFormatter` and `SqlServerFormatter` ([#549](https://github.com/MiniProfiler/dotnet/pull/549) - thanks [Turnerj](https://github.com/Turnerj))
11+
- Fixed `nonce` attribute propagation to generated `<link>` style element for full CSP support ([#565](https://github.com/MiniProfiler/dotnet/pull/565))
1112

1213
#### Version 4.2.1
1314
- **New**:

src/MiniProfiler.Shared/ui/lib/MiniProfiler.ts

+3-1
Original file line numberDiff line numberDiff line change
@@ -111,6 +111,7 @@ namespace StackExchange.Profiling {
111111
ids: string[];
112112
ignoredDuplicateExecuteTypes: string[];
113113
maxTracesToShow: number;
114+
nonce: string;
114115
path: string;
115116
renderPosition: RenderPosition;
116117
showChildrenTime: boolean;
@@ -298,6 +299,7 @@ namespace StackExchange.Profiling {
298299
toggleShortcut: data.toggleShortcut,
299300
startHidden: bool(data.startHidden),
300301
ignoredDuplicateExecuteTypes: (data.ignoredDuplicateExecuteTypes || '').split(','),
302+
nonce: script.nonce,
301303
};
302304

303305
function doInit() {
@@ -372,7 +374,7 @@ namespace StackExchange.Profiling {
372374
} else {
373375
alreadyDone = true;
374376
if (mp.options.authorized) {
375-
document.head.insertAdjacentHTML('beforeend', `<link rel="stylesheet" type="text/css" href="${mp.options.path}includes.min.css?v=${mp.options.version}" />`);
377+
document.head.insertAdjacentHTML('beforeend', `<link rel="stylesheet" type="text/css" href="${mp.options.path}includes.min.css?v=${mp.options.version}" ${mp.options.nonce ? `nonce="${mp.options.nonce}" ` : ''}/>`);
376378
}
377379
doInit();
378380
}

0 commit comments

Comments
 (0)