src/lib/htmshell.c 1618f943df5d435b2ec6b1fa6738b0d50f90a19a

1618f943df5d435b2ec6b1fa6738b0d50f90a19a
jcasper
  Fri Jan 11 15:47:11 2019 -0800
Revamp of CIRM CGI look to match static pages, refs #22765

diff --git src/lib/htmshell.c src/lib/htmshell.c
index 8612c0d..46d1f19 100644
--- src/lib/htmshell.c
+++ src/lib/htmshell.c
@@ -958,33 +958,34 @@
 dyStringAppend(policy, " 'unsafe-inline'");
 // For browsers that DO understand nonces and CSP2, they ignore 'unsafe-inline' in script if nonce is present.
 char *noncePolicy=getNoncePolicy();
 dyStringPrintf(policy, " %s", noncePolicy);
 freeMem(noncePolicy);
 dyStringAppend(policy, " code.jquery.com");          // used by hgIntegrator jsHelper and others
 dyStringAppend(policy, " www.google-analytics.com"); // used by google analytics
 // cirm cdw lib and web browse
 dyStringAppend(policy, " www.samsarin.com/project/dagre-d3/latest/dagre-d3.js");
 dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/d3/3.4.4/d3.min.js");
 dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/jquery/1.12.1/jquery.min.js");
 dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/jstree/3.2.1/jstree.min.js");
 dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/bowser/1.6.1/bowser.min.js");
 dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/jstree/3.3.4/jstree.min.js");
 dyStringAppend(policy, " login.persona.org/include.js");
+dyStringAppend(policy, " cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js");
 // expMatrix
-dyStringAppend(policy, " ajax.googleapis.com/ajax");
-dyStringAppend(policy, " maxcdn.bootstrapcdn.com/bootstrap");
+dyStringAppend(policy, " ajax.googleapis.com");
+dyStringAppend(policy, " maxcdn.bootstrapcdn.com");
 dyStringAppend(policy, " d3js.org/d3.v3.min.js");
 // jsHelper
 dyStringAppend(policy, " cdn.datatables.net");
 
 dyStringAppend(policy, ";");
 
 
 dyStringAppend(policy, " style-src * 'unsafe-inline';");
 
 /* more secure method not used yet 
 dyStringAppend(policy, " style-src 'self' 'unsafe-inline'");
 dyStringAppend(policy, " code.jquery.com");          // used by hgIntegrator
 dyStringAppend(policy, " netdna.bootstrapcdn.com");  // used by hgIntegrator
 dyStringAppend(policy, " fonts.googleapis.com");    // used by hgGateway
 dyStringAppend(policy, " maxcdn.bootstrapcdn.com"); // used by hgGateway