From 47734c26f329aff41431f42e7674c2d4404b5a5a Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Mon, 17 Mar 2025 12:27:03 +0100
Subject: [PATCH] fix: adjust webpack nonce generation

some leftovers where the request token is used instead of the CSP nonce.
in general this makes not much difference - but there are some cases
where those values differ.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 apps/files_sharing/src/additionalScripts.js             | 3 ++-
 apps/files_sharing/src/collaborationresourceshandler.js | 3 ++-
 apps/settings/src/main-admin-ai.js                      | 4 ++--
 apps/settings/src/main-admin-security.js                | 4 ++--
 apps/settings/src/main-personal-password.js             | 6 +++---
 apps/settings/src/main-personal-webauth.js              | 6 +++---
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/apps/files_sharing/src/additionalScripts.js b/apps/files_sharing/src/additionalScripts.js
index 18812eec537..e8807a7325e 100644
--- a/apps/files_sharing/src/additionalScripts.js
+++ b/apps/files_sharing/src/additionalScripts.js
@@ -2,6 +2,7 @@
  * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+import { getCSPNonce } from '@nextcloud/auth'
 
 import './share.js'
 import './sharebreadcrumbview.js'
@@ -9,6 +10,6 @@ import './style/sharebreadcrumb.scss'
 import './collaborationresourceshandler.js'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 window.OCA.Sharing = OCA.Sharing
diff --git a/apps/files_sharing/src/collaborationresourceshandler.js b/apps/files_sharing/src/collaborationresourceshandler.js
index adb9cb02fbc..6f3645385b7 100644
--- a/apps/files_sharing/src/collaborationresourceshandler.js
+++ b/apps/files_sharing/src/collaborationresourceshandler.js
@@ -2,9 +2,10 @@
  * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+import { getCSPNonce } from '@nextcloud/auth'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 window.OCP.Collaboration.registerType('file', {
 	action: () => {
diff --git a/apps/settings/src/main-admin-ai.js b/apps/settings/src/main-admin-ai.js
index d1813d03b50..79bc785a4f6 100644
--- a/apps/settings/src/main-admin-ai.js
+++ b/apps/settings/src/main-admin-ai.js
@@ -2,13 +2,13 @@
  * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-
+import { getCSPNonce } from '@nextcloud/auth'
 import Vue from 'vue'
 
 import ArtificialIntelligence from './components/AdminAI.vue'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 Vue.prototype.t = t
 
diff --git a/apps/settings/src/main-admin-security.js b/apps/settings/src/main-admin-security.js
index 5248ff3b5fe..26961dcc13e 100644
--- a/apps/settings/src/main-admin-security.js
+++ b/apps/settings/src/main-admin-security.js
@@ -2,7 +2,7 @@
  * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-
+import { getCSPNonce } from '@nextcloud/auth'
 import { loadState } from '@nextcloud/initial-state'
 import Vue from 'vue'
 
@@ -11,7 +11,7 @@ import EncryptionSettings from './components/Encryption/EncryptionSettings.vue'
 import store from './store/admin-security.js'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 Vue.prototype.t = t
 
diff --git a/apps/settings/src/main-personal-password.js b/apps/settings/src/main-personal-password.js
index 3c0fd18eea5..b74f5f71aa2 100644
--- a/apps/settings/src/main-personal-password.js
+++ b/apps/settings/src/main-personal-password.js
@@ -2,14 +2,14 @@
  * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+import { getCSPNonce } from '@nextcloud/auth'
+import { t, n } from '@nextcloud/l10n'
 
 import Vue from 'vue'
-
 import PasswordSection from './components/PasswordSection.vue'
-import { translate as t, translatePlural as n } from '@nextcloud/l10n'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 Vue.prototype.t = t
 Vue.prototype.n = n
diff --git a/apps/settings/src/main-personal-webauth.js b/apps/settings/src/main-personal-webauth.js
index 4f5397f257c..f451fa8c73b 100644
--- a/apps/settings/src/main-personal-webauth.js
+++ b/apps/settings/src/main-personal-webauth.js
@@ -2,14 +2,14 @@
  * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-
-import Vue from 'vue'
+import { getCSPNonce } from '@nextcloud/auth'
 import { loadState } from '@nextcloud/initial-state'
+import Vue from 'vue'
 
 import WebAuthnSection from './components/WebAuthn/Section.vue'
 
 // eslint-disable-next-line camelcase
-__webpack_nonce__ = btoa(OC.requestToken)
+__webpack_nonce__ = getCSPNonce()
 
 Vue.prototype.t = t