From e08911ab8f0ff97f83647503d0c4b11bde0cd1b7 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 2 Nov 2017 10:57:05 -0700
Subject: [PATCH] Removed nonce for now
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is a dependency in a package where we can’t edit the script tags to add the nonce
---
 app/Http/Middleware/ContentSecurityPolicyHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/ContentSecurityPolicyHeader.php b/app/Http/Middleware/ContentSecurityPolicyHeader.php
index 05eb73ed9d..89aab41eec 100644
--- a/app/Http/Middleware/ContentSecurityPolicyHeader.php
+++ b/app/Http/Middleware/ContentSecurityPolicyHeader.php
@@ -21,7 +21,7 @@ class ContentSecurityPolicyHeader
 
         $policy[] = "default-src 'self'";
         $policy[] = "style-src 'self' 'unsafe-inline' oss.maxcdn.com";
-        $policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
+        $policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com'";
         $policy[] = "connect-src 'self'";
         $policy[] = "object-src 'none'";
         $policy[] = "font-src 'self' data:";