From 6428cee51255394c7c8bac25aa78670e67338970 Mon Sep 17 00:00:00 2001
From: Thibaut Courouble
Date: Sun, 5 Jun 2016 18:59:31 -0400
Subject: [PATCH] Fix missing nonce in production CSP
---
 lib/app.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/app.rb b/lib/app.rb
index 64e3bdd2..598229e3 100644
--- a/lib/app.rb
+++ b/lib/app.rb
@@ -73,7 +73,7 @@ class App < Sinatra::Application
 configure :production do
 set :static, false
 set :docs_host, '//docs.devdocs.io'
- set :csp, "default-src 'self' *; script-src 'self' http://cdn.devdocs.io https://cdn.devdocs.io https://www.google-analytics.com https://secure.gaug.es http://*.jquery.com https://*.jquery.com; font-src data:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:;"
+ set :csp, "default-src 'self' *; script-src 'self' 'nonce-devdocs' http://cdn.devdocs.io https://cdn.devdocs.io https://www.google-analytics.com https://secure.gaug.es http://*.jquery.com https://*.jquery.com; font-src data:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:;"
 use Rack::ConditionalGet
 use Rack::ETag
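Review bot: The added `'nonce-devdocs'` is a fixed, guessable token, so it does not give the nonce mechanism its value: any markup injected into a page can carry `nonce="devdocs"` on its own script tag and is allowed exactly like the intended inline script, which makes `script-src` behave as if it contained `'unsafe-inline'`. A CSP nonce is meant to be unpredictable and generated fresh for every response, e.g. `nonce = SecureRandom.base64(16)` in a `before` filter and `'nonce-#{nonce}'` interpolated into the header, with the same value rendered on the inline `<script nonce=...>` tag. Because `set :csp` here is evaluated once at configure time, the per-request value would have to be substituted where the header is actually sent, which is not visible in this hunk; the `configure :production do` block and the `App` class also continue outside it. If the static string is kept for now, a comment such as `# FIXME: static nonce gives no protection; replace with a per-response random value` would flag the gap for the next reader.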