Embed CSP meta tag and stop using script-src unsafe-inline

2020-02-05 16:35:23 +00:00
parent c3e6a30789
commit ec20e1ece2
3 changed files with 10 additions and 11 deletions
--- a/src/vector/app.js
+++ b/src/vector/app.js
@@ -162,14 +162,15 @@ function onTokenLoginCompleted() {
 }

 export async function loadApp() {
-    if (window.vector_indexeddb_worker_script === undefined) {
+    const vectorIndexeddbWorkerScript = document.body.dataset.vectorIndexeddbWorkerScript;
+    if (!vectorIndexeddbWorkerScript) {
        // If this is missing, something has probably gone wrong with
        // the bundling. The js-sdk will just fall back to accessing
        // indexeddb directly with no worker script, but we want to
        // make sure the indexeddb script is present, so fail hard.
        throw new Error("Missing indexeddb worker script!");
    }
-    MatrixClientPeg.setIndexedDbWorkerScript(window.vector_indexeddb_worker_script);
+    MatrixClientPeg.setIndexedDbWorkerScript(vectorIndexeddbWorkerScript);
    CallHandler.setConferenceHandler(VectorConferenceHandler);

    window.addEventListener('hashchange', onHashChange);