Update nonce

swiss-ssi-group · Jun 23, 2023 · 027f877 · 027f877
1 parent a6b38f8
commit 027f877
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 65 deletions.
diff --git a/IssuerDrivingLicense/Pages/Admin.cshtml.cs b/IssuerDrivingLicense/Pages/Admin.cshtml.cs
@@ -1,23 +1,22 @@
-using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.Mvc.RazorPages;
 using Microsoft.EntityFrameworkCore;
 using IssuerDrivingLicense.Persistence;
 
-namespace IssuerDrivingLicense
+namespace IssuerDrivingLicense;
+
+public class AdminModel : PageModel
 {
-    public class AdminModel : PageModel
-    {
-        private readonly DrivingLicenseDbContext _context;
+    private readonly DrivingLicenseDbContext _context;
 
-        public AdminModel(DrivingLicenseDbContext context)
-        {
-            _context = context;
-        }
+    public AdminModel(DrivingLicenseDbContext context)
+    {
+        _context = context;
+    }
 
-        public List<DriverLicense> DriverLicenses { get; set; } = new List<DriverLicense>();
+    public List<DriverLicense> DriverLicenses { get; set; } = new List<DriverLicense>();
 
-        public async Task OnGetAsync()
-        {
-            DriverLicenses = await _context.DriverLicenses.ToListAsync();
-        }
+    public async Task OnGetAsync()
+    {
+        DriverLicenses = await _context.DriverLicenses.ToListAsync();
     }
-}
+}
diff --git a/IssuerDrivingLicense/Pages/DriverLicenseCredentials.cshtml b/IssuerDrivingLicense/Pages/DriverLicenseCredentials.cshtml
@@ -78,6 +78,6 @@
 }
 
 @section scripts {
-    <script src="qrcode.min.js"></script>
-    <script src="DriverLicenseCredentials.js"></script>
+    <script src="qrcode.min.js" nonce="@nonce"></script>
+    <script src="DriverLicenseCredentials.js" nonce="@nonce"></script>
 }
diff --git a/IssuerDrivingLicense/Pages/DriverLicenseCredentials.cshtml.cs b/IssuerDrivingLicense/Pages/DriverLicenseCredentials.cshtml.cs
@@ -1,33 +1,32 @@
 using IssuerDrivingLicense.Persistence;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
-namespace IssuerDrivingLicense.Pages
+namespace IssuerDrivingLicense.Pages;
+
+public class DriverLicenseCredentialsModel : PageModel
 {
-    public class DriverLicenseCredentialsModel : PageModel
-    {
-        private readonly DriverLicenseService _driverLicenseService;
+    private readonly DriverLicenseService _driverLicenseService;
 
-        public string DriverLicenseMessage { get; set; } = "Loading credentials";
-        public bool HasDriverLicense { get; set; }
-        public DriverLicense? DriverLicense { get; set; }
+    public string DriverLicenseMessage { get; set; } = "Loading credentials";
+    public bool HasDriverLicense { get; set; }
+    public DriverLicense? DriverLicense { get; set; }
 
-        public DriverLicenseCredentialsModel(DriverLicenseService driverLicenseService)
+    public DriverLicenseCredentialsModel(DriverLicenseService driverLicenseService)
+    {
+        _driverLicenseService = driverLicenseService;
+    }
+    public async Task OnGetAsync()
+    {
+        DriverLicense = await _driverLicenseService.GetDriverLicense(HttpContext.User?.Identity?.Name);
+
+        if (DriverLicense != null)
         {
-            _driverLicenseService = driverLicenseService;
+            DriverLicenseMessage = "Add your driver license credentials to your wallet";
+            HasDriverLicense = true;
         }
-        public async Task OnGetAsync()
+        else
         {
-            DriverLicense = await _driverLicenseService.GetDriverLicense(HttpContext.User?.Identity?.Name);
-
-            if (DriverLicense != null)
-            {
-                DriverLicenseMessage = "Add your driver license credentials to your wallet";
-                HasDriverLicense = true;
-            }
-            else
-            {
-                DriverLicenseMessage = "You have no valid driver license";
-            }
+            DriverLicenseMessage = "You have no valid driver license";
         }
     }
 }
diff --git a/IssuerDrivingLicense/Pages/Error.cshtml.cs b/IssuerDrivingLicense/Pages/Error.cshtml.cs
@@ -2,19 +2,18 @@
 using Microsoft.AspNetCore.Mvc.RazorPages;
 using System.Diagnostics;
 
-namespace IssuerDrivingLicense.Pages
+namespace IssuerDrivingLicense.Pages;
+
+[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+[IgnoreAntiforgeryToken]
+public class ErrorModel : PageModel
 {
-    [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
-    [IgnoreAntiforgeryToken]
-    public class ErrorModel : PageModel
-    {
-        public string? RequestId { get; set; }
+    public string? RequestId { get; set; }
 
-        public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
+    public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
 
-        public void OnGet()
-        {
-            RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
-        }
+    public void OnGet()
+    {
+        RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
     }
-}
+}
diff --git a/IssuerDrivingLicense/Pages/Index.cshtml.cs b/IssuerDrivingLicense/Pages/Index.cshtml.cs
@@ -1,12 +1,11 @@
-using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.Mvc.RazorPages;
 
-namespace IssuerDrivingLicense.Pages
+namespace IssuerDrivingLicense.Pages;
+
+public class IndexModel : PageModel
 {
-    public class IndexModel : PageModel
+    public void OnGet()
     {
-        public void OnGet()
-        {
 
-        }
     }
-}
+}
diff --git a/IssuerDrivingLicense/Pages/Shared/_Layout.cshtml b/IssuerDrivingLicense/Pages/Shared/_Layout.cshtml
@@ -1,4 +1,7 @@
-<!DOCTYPE html>
+@{
+    var nonce = this.Context.GetNonce();
+}
+<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="utf-8" />
@@ -52,10 +55,10 @@
         </div>
     </footer>
 
-    <script src="~/lib/jquery/dist/jquery.min.js"></script>
-    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
-    <script src="~/js/site.js" asp-append-version="true"></script>
+    <script src="~/lib/jquery/dist/jquery.min.js" nonce="@nonce"></script>
+    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js" nonce="@nonce"></script>
+    <script src="~/js/site.js" asp-append-version="true" nonce="@nonce"></script>
 
     @await RenderSectionAsync("Scripts", required: false)
 </body>
-</html>
+</html>
diff --git a/IssuerDrivingLicense/Pages/Shared/_ValidationScriptsPartial.cshtml b/IssuerDrivingLicense/Pages/Shared/_ValidationScriptsPartial.cshtml
@@ -1,2 +1,5 @@
-<script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
-<script src="~/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js"></script>
+@{
+    var nonce = this.Context.GetNonce();
+}
+<script src="~/lib/jquery-validation/dist/jquery.validate.min.js" nonce="@nonce"></script>
+<script src="~/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js" nonce="@nonce"></script>
diff --git a/IssuerDrivingLicense/SecurityHeadersDefinitions.cs b/IssuerDrivingLicense/SecurityHeadersDefinitions.cs
@@ -23,7 +23,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
                 builder.AddFontSrc().Self();
                 builder.AddStyleSrc().Self().UnsafeInline();
                 builder.AddBaseUri().Self();
-                builder.AddScriptSrc().Self().UnsafeInline();
+                builder.AddScriptSrc().Self().UnsafeInline().WithNonce();
                 builder.AddFrameAncestors().None();
                 //builder.AddCustomDirective("require-trusted-types-for", "'script'");
             })