From 53a268fb7125e44d6edb03ef16b0e9bda691a825 Mon Sep 17 00:00:00 2001
From: Severiano Badajoz <sbadajoz@chanzuckerberg.com>
Date: Wed, 12 Aug 2020 11:31:12 -0700
Subject: [PATCH] Surround script hash in single quotes (#1735)

* add disclaimer about changing the script

* add hash for obsolete browser script

* add explicit domain img-src

* add single quotes

* add quotes to `data:`

* change order and remove single quotes

* lint, remove extra slash, and make hash an array

* add links to S3

* surround script has in single quotes
---
 server/eb/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/eb/app.py b/server/eb/app.py
index aabf67ed0..55f68511e 100644
--- a/server/eb/app.py
+++ b/server/eb/app.py
@@ -98,7 +98,7 @@ def _before_adding_routes(app, app_config):
         server_config = app_config.server_config
         # This hash should be in sync with the script within
         # `client/configuration/webpack/obsoleteHTMLTemplate.html`
-        obsolete_browser_script_hash = ['SHA25-0028D52E332C015C3ED9929926F4000BB4020B8CB85C1F5769D6AA3BA711F58E']
+        obsolete_browser_script_hash = ["'SHA25-0028D52E332C015C3ED9929926F4000BB4020B8CB85C1F5769D6AA3BA711F58E'"]
         csp = {
             "default-src": ["'self'"],
             "connect-src": ["'self'"],