Provide csp_nonce to Soy Templates

The CSP nonce is only provided if available, that is, if a filter is
installed that attaches a "nonce" attribute to the request. For example,
in Google's deployment of Gerrit we have such a filter that sets the
nonce on all requests before they are processed by a servlet.

CSP helps protect sites from XSS attacks. On Google hosts we set CSP
headers that require all script elements to be accompanied by a nonce (a
per-request generated random string). Soy templates have built-in
support for attaching the nonce, as long as the value is provided using
the Inject Data mechanism.

Google-Bud-Id: b/33429040
Release-Notes: skip
Change-Id: Ifa3a07b8c77918a8a4ab48775b68e4f3b39bd3cb
2 files changed
tree: 59a7b678f5cb7d4813667f7f97f2202ebe397185
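The flow the commit message describes, as an added example that is not code from this change or from Gitiles: a filter attaches a per-request nonce, the renderer forwards it as `csp_nonce` injected data only when it is present, and script tags then carry a nonce matching the CSP header. The request is modelled as a plain map, the `renderScript` method is a stand-in for Soy's own nonce handling, and the class name, helper names and script path are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CspNonceExample {
  private static final SecureRandom RNG = new SecureRandom();

  // What an upstream filter would do: a fresh, unpredictable value per request.
  static String newNonce() {
    byte[] raw = new byte[16];
    RNG.nextBytes(raw);
    return Base64.getEncoder().withoutPadding().encodeToString(raw);
  }

  // CSP header value the filter would send alongside the response.
  static String cspHeader(String nonce) {
    return "script-src 'nonce-" + nonce + "'";
  }

  // Injected data for the template: csp_nonce is set only if the request
  // carries a "nonce" attribute, so deployments without a filter still render.
  static Map<String, Object> injectedData(Map<String, Object> requestAttrs) {
    Map<String, Object> ij = new HashMap<>();
    Object nonce = requestAttrs.get("nonce");
    if (nonce instanceof String && !((String) nonce).isEmpty()) {
      ij.put("csp_nonce", nonce);
    }
    return ij;
  }

  // Stand-in for the template engine: adds the nonce attribute when available.
  static String renderScript(Map<String, Object> ij, String src) {
    Object nonce = ij.get("csp_nonce");
    String attr = nonce == null ? "" : " nonce=\"" + nonce + "\"";
    return "<script src=\"" + src + "\"" + attr + "></script>";
  }

  public static void main(String[] args) {
    Map<String, Object> withFilter = new HashMap<>();
    String nonce = newNonce();
    withFilter.put("nonce", nonce); // constructed request attribute
    System.out.println("Content-Security-Policy: " + cspHeader(nonce));
    System.out.println(renderScript(injectedData(withFilter), "/static/example.js"));

    // No filter installed: no csp_nonce, so the tag is emitted without a nonce.
    System.out.println(renderScript(injectedData(new HashMap<>()), "/static/example.js"));
  }
}
```

The nonce in the header and the nonce on the tag come from the same request attribute, so a script element injected by an attacker, which cannot know that value, is not executed by a browser enforcing the policy.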
README.md

Gitiles - A simple JGit repository browser

Gitiles is a simple repository browser for Git repositories, built on JGit. Its guiding principle is simplicity: it has no formal access controls, no write access, no fancy JavaScript, etc.

Gitiles automatically renders *.md Markdown files into HTML for simplified documentation. Refer to the Markdown documentation for details.

Configuration

Gitiles is configurable in a git-style configuration file named gitiles.config. Refer to the configuration documentation for details.

Bugs

Use the issue tracker at GitHub to file bugs.

Contributing to Gitiles

Please refer to the Developer Guide.