add nonce for Ubiquity JsUtils

Author: jcheron

.gitignore

@@ -3,3 +3,4 @@
 .settings/*
 doxygeneJquery
 doc/*
+.idea/

Ajax/common/traits/JsUtilsInternalTrait.php

@@ -73,27 +73,10 @@ protected function minify($input) {
 	 */
 	protected function _open_script($src = '') {
 		$str = '<script ';
-		if (! $this->isAjax() && isset($this->params['nonce'])) {
-			$nonce = $this->nonce ?? $this->generateNonce($this->params['nonce']);
-			$str .= ' nonce="' . $nonce . '" ';
-		}
 		$str .= ($src == '') ? '>' : ' src="' . $src . '">';
 		return $str;
 	}
 
-	protected function onNonce() {}
-
-	protected function generateNonce($value = null): string {
-		$bytes = \random_bytes((int) ($value ?? 32));
-		$this->nonce = \base64_encode($bytes);
-		$this->onNonce();
-		return $this->nonce;
-	}
-
-	public function getNonce() {
-		return $this->nonce;
-	}
-
 	/**
 	 * Outputs an closing </script>
 	 *
@@ -111,8 +94,4 @@ protected function conflict() {
 	public function addToCompile($jsScript) {
 		$this->_addToCompile($jsScript);
 	}
-
-	public function isAjax(): bool {
-		return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
-	}
 }

Ajax/php/ubiquity/JsUtils.php

@@ -3,9 +3,26 @@
 
 use Ubiquity\controllers\Startup;
 use Ubiquity\utils\http\URequest;
+use Ubiquity\security\csp\ContentSecurityManager;
 
 class JsUtils extends \Ajax\JsUtils {
 
+	/**
+	 * Outputs an opening <script>
+	 *
+	 * @param string $src
+	 * @return string
+	 */
+	protected function _open_script($src = '') {
+		$str = '<script ';
+		if (isset($this->params['nonce']) && ContentSecurityManager::isStarted()) {
+			$nonce = ContentSecurityManager::getNonce('jsUtils');
+			$str .= ' nonce="' . $nonce . '" ';
+		}
+		$str .= ($src == '') ? '>' : ' src="' . $src . '">';
+		return $str;
+	}
+
 	public function getUrl($url) {
 		return URequest::getUrl($url);
 	}