From bafe8b2ccb027839dcaa0173b9024bf52b60c898 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Fri, 5 Aug 2022 12:16:57 +0200
Subject: [PATCH] checking csp for eval only

---
 metager/resources/js/verify.js                                 | 2 ++
 .../views/layouts/resultpage/verificationHeader.blade.php      | 3 ---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/metager/resources/js/verify.js b/metager/resources/js/verify.js
index b28f6115a..0f533c962 100644
--- a/metager/resources/js/verify.js
+++ b/metager/resources/js/verify.js
@@ -3,6 +3,8 @@ require('fetch-ie8');
 
 // Find the key id for the browser-verification
 document.querySelectorAll("link").forEach(element => {
+    // Should get blocked by csp
+    eval("window.sp = 1;");
     let href = element.href;
     let matches = href.match(/http[s]{0,1}:\/\/[^\/]+\/index\.css\?id=(.+)/i);
     if (!matches) {
diff --git a/metager/resources/views/layouts/resultpage/verificationHeader.blade.php b/metager/resources/views/layouts/resultpage/verificationHeader.blade.php
index a7fc23553..1ede1d0f0 100644
--- a/metager/resources/views/layouts/resultpage/verificationHeader.blade.php
+++ b/metager/resources/views/layouts/resultpage/verificationHeader.blade.php
@@ -2,8 +2,5 @@
 <html lang="{!! trans('staticPages.meta.language') !!}">
 <head>
     <meta charset="UTF-8">
-    <script>
-        window.sp = 1;
-    </script>
     <link rel="stylesheet" href="/index.css?id={{ $key }}">
     <script src="{{ mix('js/index.js') }}"></script>
\ No newline at end of file
-- 
GitLab