Modern browsers all support nonce now so drop checking UA

2023-11-16 14:04:33 +00:00 · 2023-11-16 14:04:33 +00:00 · fc408ef985
commit fc408ef985
parent 1ba9f2bb56
1 changed files with 1 additions and 11 deletions
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@ -274,16 +274,6 @@ class UiRequest(object):
        else:
            return referer

-    def isScriptNonceSupported(self):
-        user_agent = self.env.get("HTTP_USER_AGENT")
-        if "Edge/" in user_agent:
-            is_script_nonce_supported = False
-        elif "Safari/" in user_agent and "Chrome/" not in user_agent:
-            is_script_nonce_supported = False
-        else:
-            is_script_nonce_supported = True
-        return is_script_nonce_supported
-
    # Send response headers
    def sendHeader(self, status=200, content_type="text/html", noscript=False, allow_ajax=False, script_nonce=None, extra_headers=[]):
        url = self.getRequestUrl()
@ -306,7 +296,7 @@ class UiRequest(object):

        if noscript:
            headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline';"
-        elif script_nonce and self.isScriptNonceSupported():
+        elif script_nonce:
            headers["Content-Security-Policy"] = "default-src 'none'; script-src 'nonce-{0}'; img-src 'self' blob: data:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src 'self' blob:".format(script_nonce)

        if allow_ajax: