Merge pull request #114 from kumarrishav/patch-1

linkRace · web-flow · commit ae7cb1169c9f · 2017-10-03T11:01:57.000-07:00
Add style/script directive if nonce is true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+##### v1.5.2
+
+* Bugfix: Add style/script directive if nonce is true
+
 ##### v1.5.1
 
 * Bugfix: style-src nonce updates properly, speed improvement on match
diff --git a/lib/csp.js b/lib/csp.js
@@ -19,6 +19,16 @@ module.exports = function (options) {
         name += '-report-only';
     }
 
+    if (policyRules && policyRules["default-src"]) {
+        if (styleNonce && !policyRules["style-src"]) {
+            policyRules["style-src"] = policyRules["default-src"];
+        }
+        
+        if (scriptNonce && !policyRules["script-src"]) {
+            policyRules["script-src"] = policyRules["default-src"];
+        }
+    }
+
     value = createPolicyString(policyRules);
 
     if (reportUri) {
