--- a/mercurial/hgweb/hgwebdir_mod.py Tue Jan 10 20:47:48 2017 -0800
+++ b/mercurial/hgweb/hgwebdir_mod.py Tue Jan 10 23:37:08 2017 -0800
@@ -19,6 +19,7 @@
HTTP_NOT_FOUND,
HTTP_OK,
HTTP_SERVER_ERROR,
+ cspvalues,
get_contact,
get_mtime,
ismember,
@@ -227,8 +228,12 @@
try:
self.refresh()
+ csp, nonce = cspvalues(self.ui)
+ if csp:
+ req.headers.append(('Content-Security-Policy', csp))
+
virtual = req.env.get("PATH_INFO", "").strip('/')
- tmpl = self.templater(req)
+ tmpl = self.templater(req, nonce)
ctype = tmpl('mimetype', encoding=encoding.encoding)
ctype = templater.stringify(ctype)
@@ -466,7 +471,7 @@
sortcolumn=sortcolumn, descending=descending,
**dict(sort))
- def templater(self, req):
+ def templater(self, req, nonce):
def motd(**map):
if self.motd is not None:
@@ -510,6 +515,7 @@
"staticurl": staticurl,
"sessionvars": sessionvars,
"style": style,
+ "nonce": nonce,
}
tmpl = templater.templater.frommapfile(mapfile, defaults=defaults)
return tmpl