chore: add nonce to auth broker login inline script

kaltura · Dec 3, 2023 · efab97d · efab97d
1 parent b0f2464
commit efab97d
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/src/kmc-app/components/login/login.component.ts b/src/kmc-app/components/login/login.component.ts
@@ -354,9 +354,20 @@ export class LoginComponent implements OnInit, OnDestroy, AfterViewInit {
                       this._authBrokerProfiles = JSON.parse(response);
                       this._inProgress = false;
                   } else {
-                      document.open();
-                      document.write(response);
-                      document.close();
+                      try {
+                          const scripts = document.getElementsByTagName('script');
+                          if (scripts.length) {
+                              const nonce = scripts[0].nonce;
+                              if (nonce) {
+                                  response = response.replace("\x3Cscript>", "\x3Cscript nonce='" + nonce + "'>");
+                              }
+                          }
+                          document.open();
+                          document.write(response);
+                          document.close();
+                      } catch(e) {
+                          console.error(`error logging-in using auth broker. ${e.message}`);
+                      }
                   }
               }
           },