From b85a10b55d0117e99b12c2a82567098ddf901fb1 Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Tue, 15 Sep 2020 13:16:31 +0300
Subject: [PATCH] Fix handling of nonce to not mess with HeadLink items.

---
 .../src/VuFindTheme/View/Helper/ConcatTrait.php  | 16 +++++++++++++++-
 .../src/VuFindTheme/View/Helper/HeadLink.php     |  2 +-
 .../src/VuFindTheme/View/Helper/HeadScript.php   | 14 +++++++++++++-
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/module/VuFindTheme/src/VuFindTheme/View/Helper/ConcatTrait.php b/module/VuFindTheme/src/VuFindTheme/View/Helper/ConcatTrait.php
index 3566adf1a77..ed9621575e0 100644
--- a/module/VuFindTheme/src/VuFindTheme/View/Helper/ConcatTrait.php
+++ b/module/VuFindTheme/src/VuFindTheme/View/Helper/ConcatTrait.php
@@ -87,6 +87,20 @@ trait ConcatTrait
      */
     abstract protected function getMinifier();
 
+    /**
+     * Add a content security policy nonce to the item
+     *
+     * @param stdClass $item Item
+     *
+     * @return void
+     *
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    protected function addNonce($item)
+    {
+        // Default implementation does nothing
+    }
+
     /**
      * Set the file path of the link object
      *
@@ -364,7 +378,7 @@ trait ConcatTrait
                 // files, which are stored in a theme-independent cache).
                 $path = $this->getConcatenatedFilePath($group);
                 $item = $this->setResourceFilePath($group['items'][0], $path);
-                $item->attributes['nonce'] = $this->cspNonce;
+                $this->addNonce($item);
                 $output[] = parent::itemToString(
                     $item, $indent, $escapeStart, $escapeEnd
                 );
diff --git a/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadLink.php b/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadLink.php
index 8cca8d6c3d2..b0fec024d83 100644
--- a/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadLink.php
+++ b/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadLink.php
@@ -105,7 +105,7 @@ class HeadLink extends \Laminas\View\Helper\HeadLink
             $url .= filemtime($details['path']);
             $item->href = $url;
         }
-        $item->attributes['nonce'] = $this->cspNonce;
+        $this->addNonce($item);
         return parent::itemToString($item);
     }
 
diff --git a/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadScript.php b/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadScript.php
index 3dc99a74f18..1c29964243f 100644
--- a/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadScript.php
+++ b/module/VuFindTheme/src/VuFindTheme/View/Helper/HeadScript.php
@@ -113,7 +113,7 @@ class HeadScript extends \Laminas\View\Helper\HeadScript
             }
         }
 
-        $item->attributes['nonce'] = $this->cspNonce;
+        $this->addNonce($item);
         return parent::itemToString($item, $indent, $escapeStart, $escapeEnd);
     }
 
@@ -216,4 +216,16 @@ class HeadScript extends \Laminas\View\Helper\HeadScript
         }
         return $data;
     }
+
+    /**
+     * Add a nonce to the item
+     *
+     * @param stdClass $item Item
+     *
+     * @return void
+     */
+    protected function addNonce($item)
+    {
+        $item->attributes['nonce'] = $this->cspNonce;
+    }
 }
-- 
GitLab