From ca8ad09c9a5afdb30d3aa54681a04b4dee227be3 Mon Sep 17 00:00:00 2001
From: MTRNord
Date: Fri, 13 Sep 2024 14:30:29 +0200
Subject: [PATCH 1/2] Fix the font-src nonce and add another way to set nonces to allow vite to deal with nonces
Signed-off-by: MTRNord
---
containers/widget-server/files/content-security-policy.conf | 2 +-
containers/widget-server/files/default.conf | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/containers/widget-server/files/content-security-policy.conf b/containers/widget-server/files/content-security-policy.conf
index ddcd2e49..e7e2c7c5 100644
--- a/containers/widget-server/files/content-security-policy.conf
+++ b/containers/widget-server/files/content-security-policy.conf
@@ -1 +1 @@
-add_header Content-Security-Policy "default-src 'none'; font-src 'self' data: $__CSP_FONT_SRC__; style-src 'self' $__STYLE_CSP_NONCE__ $__CSP_STYLE_SRC__; script-src 'self' $__STYLE_CSP_NONCE__ $__CSP_SCRIPT_SRC__; img-src 'self' data: $__CSP_IMG_SRC__; connect-src 'self' $__CSP_CONNECT_SRC__; manifest-src 'self';";
+add_header Content-Security-Policy "default-src 'none'; font-src 'self' data: $__CSP_FONT_SRC__ $__STYLE_CSP_NONCE__; style-src 'self' $__STYLE_CSP_NONCE__ $__CSP_STYLE_SRC__; script-src 'self' $__STYLE_CSP_NONCE__ $__CSP_SCRIPT_SRC__; img-src 'self' data: $__CSP_IMG_SRC__; connect-src 'self' $__CSP_CONNECT_SRC__; manifest-src 'self';";
diff --git a/containers/widget-server/files/default.conf b/containers/widget-server/files/default.conf
index 07053db3..b9578293 100644
--- a/containers/widget-server/files/default.conf
+++ b/containers/widget-server/files/default.conf
@@ -43,6 +43,11 @@ server { location / { # enable SSI for the files. We use it to inject the environment variables ssi on; + + sub_filter_once off; + sub_filter_types *; + sub_filter CSP_NONCE $cspNonce; + try_files $uri $uri/ /index.html; }
From 8e261c017db57ccc8b77469403a4110c545d2f93 Mon Sep 17 00:00:00 2001
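Review bot: The `$__STYLE_CSP_NONCE__` token appended to `font-src` in the new `add_header` line is unlikely to change what the browser permits: assuming it expands to a `'nonce-…'` source, nonce sources are, as far as I know, only matched against `<script>` and `<style>`/stylesheet `<link>` elements, and font fetches carry no nonce. If a font load was being blocked, the missing piece is more likely a host or scheme in `$__CSP_FONT_SRC__`, so I would confirm the fix against the actual violation report and otherwise keep `font-src 'self' data: $__CSP_FONT_SRC__;`. The same variable also feeds `script-src`, so the policy is only as strong as that value being fresh and unguessable per response; how it is generated is not visible in this hunk. A comment above the directive, e.g. `# nonce is shared by style-src and script-src; generated per request in <where>`, would make that dependency explicit.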
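Review bot: `sub_filter_types *;` combined with `sub_filter_once off;` rewrites every occurrence of the literal `CSP_NONCE` in every response type served from `location /`, not only in the HTML entry point. If only the HTML carries the Vite placeholder, the `sub_filter_types *;` line can be dropped (nginx always filters `text/html`) or narrowed to the MIME types that really need it, and a less generic placeholder string would reduce accidental matches. The nonce only protects anything if `$cspNonce` is unpredictable, generated per response and identical to the value sent in the CSP header; it is set outside this hunk (the `server` block starts earlier), so that and the cache headers for the substituted HTML are worth confirming. A short comment such as `# replace the Vite nonce placeholder with the per-request CSP nonce` above the three directives would document the intent.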
From: Milton Moura
Date: Fri, 13 Sep 2024 14:24:18 +0000
Subject: [PATCH 2/2] Adding changeset
Signed-off-by: Milton Moura
---
.changeset/fuzzy-seas-cover.md | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 .changeset/fuzzy-seas-cover.md
diff --git a/.changeset/fuzzy-seas-cover.md b/.changeset/fuzzy-seas-cover.md
new file mode 100644
index 00000000..3ef6f76a
--- /dev/null
+++ b/.changeset/fuzzy-seas-cover.md
@@ -0,0 +1,5 @@
+---
+'@matrix-widget-toolkit/widget-server': patch
+---
+
+Adjust how vite handles nonces