Merge pull request #1 from golayp/main

fix: better target nonce links
damienbod · Feb 14, 2024 · ca4bc31 · ca4bc31
2 parents 9c367f3 + 8cff0d3
commit ca4bc31
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/bff/server/Pages/_Host.cshtml b/bff/server/Pages/_Host.cshtml
@@ -26,12 +26,12 @@
     // The nonce is passed to the client through the HTML to avoid sync issues between tabs
     source = source.Replace("**PLACEHOLDER_NONCE_SERVER**", nonce);
 
-    var nonceScript = $"<script nonce=\"{nonce}\" ";
-    source = source.Replace("<script ", nonceScript);
+    var nonceScript = $"<script nonce=\"{nonce}\" src=";
+    source = source.Replace("<script src=", nonceScript);
 
     // link rel="stylesheet"
-    var nonceLinkStyle = $"<link nonce=\"{nonce}\" rel=\"stylesheet";
-    source = source.Replace("<link rel=\"stylesheet", nonceLinkStyle);
+    var nonceLinkStyle = $"<link nonce=\"{nonce}\" rel=\"stylesheet\" ";
+    source = source.Replace("<link rel=\"stylesheet\" ", nonceLinkStyle);
 
     var xsrf = antiForgery.GetAndStoreTokens(HttpContext);
     var requestToken = xsrf.RequestToken;