authormaxypy <maxime@mpigou.fr>2017-04-14 11:09:20 +0200
committerEugen <eugen@zeonfederated.com>2017-04-14 11:09:20 +0200
commita6807201d2003fc0d544813ba67cfe315d829e06 (patch)
tree1e3578335daf86c70e552b46d7aafea031f1a2ee
parent4445ebdad2b8882afb86f184dd887e4ded84b90a (diff)
Implementing Subresource Integrity (#1729)
* Add sprockets-rails to Gemfile

* Add sprockets-rails to Gemfile.lock

* Update show.html.haml

* Update index.html.haml

* Update admin.html.haml

* Update auth.html.haml

* Update embedded.html.haml

* Update public.html.haml
-rw-r--r--Gemfile1
-rw-r--r--Gemfile.lock1
-rw-r--r--app/views/about/show.html.haml2
-rw-r--r--app/views/home/index.html.haml2
-rw-r--r--app/views/layouts/admin.html.haml2
-rw-r--r--app/views/layouts/auth.html.haml2
-rw-r--r--app/views/layouts/embedded.html.haml2
-rw-r--r--app/views/layouts/public.html.haml2
8 files changed, 8 insertions, 6 deletions
diff --git a/Gemfile b/Gemfile
index 9a1792623..a1313f617 100644
--- a/Gemfile
+++ b/Gemfile
@@ -50,6 +50,7 @@ gem 'sidekiq'
 gem 'sidekiq-unique-jobs'
 gem 'simple-navigation'
 gem 'simple_form'
+gem 'sprockets-rails', :require => 'sprockets/railtie'
 gem 'statsd-instrument'
 gem 'twitter-text'
 gem 'tzinfo-data'
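Review bot: The added `gem 'sprockets-rails'` line has no version floor, yet the views changed in this commit depend on the helper understanding `integrity: true`, which as far as I recall arrived in sprockets-rails 3.0. On an older resolved version the option would presumably not produce a hash, so the pages would look protected without being so. Consider stating the floor explicitly, e.g. `gem 'sprockets-rails', '>= 3.0', require: 'sprockets/railtie'`, and confirm the version that Gemfile.lock actually resolves.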
diff --git a/Gemfile.lock b/Gemfile.lock
index f1bc9880e..c7ea894dc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -520,6 +520,7 @@ DEPENDENCIES
   simple-navigation
   simple_form
   simplecov
+  sprockets-rails
   statsd-instrument
   twitter-text
   tzinfo-data
diff --git a/app/views/about/show.html.haml b/app/views/about/show.html.haml
index 0c066962d..922e42575 100644
--- a/app/views/about/show.html.haml
+++ b/app/views/about/show.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
-  = javascript_include_tag 'application_public'
+  = javascript_include_tag 'application_public', integrity: true
 
 - content_for :page_title do
   = Rails.configuration.x.local_domain
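Review bot: `integrity: true` on the `javascript_include_tag` line only yields an `integrity` attribute when the helper considers the request secure (local or `request.ssl?`, as far as I know of sprockets-rails), so behind a TLS-terminating proxy that does not forward the scheme the tag would silently render without a hash. If assets are ever served from a separate asset host, the tag also needs `crossorigin: 'anonymous'` and that host must send CORS headers, otherwise browsers refuse to run the script. The same applies to the identical change in home/index, layouts/admin, layouts/auth, layouts/embedded and layouts/public. A comment above the tag would record this, e.g. `-# SRI hash is emitted only on HTTPS/local requests; add crossorigin: 'anonymous' when using an asset host`.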
diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml
index 9e3b94463..6cb715576 100644
--- a/app/views/home/index.html.haml
+++ b/app/views/home/index.html.haml
@@ -3,6 +3,6 @@
     window.STREAMING_API_BASE_URL = '#{Rails.configuration.x.streaming_api_base_url}';
     window.INITIAL_STATE = #{json_escape(render(file: 'home/initial_state', formats: :json))}
 
-  = javascript_include_tag 'application'
+  = javascript_include_tag 'application', integrity: true
 
 = react_component 'Mastodon', default_props, class: 'app-holder', prerender: false
diff --git a/app/views/layouts/admin.html.haml b/app/views/layouts/admin.html.haml
index 59fe078df..fa364750f 100644
--- a/app/views/layouts/admin.html.haml
+++ b/app/views/layouts/admin.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
-  = javascript_include_tag 'application_public'
+  = javascript_include_tag 'application_public', integrity: true
 
 - content_for :content do
   .admin-wrapper
diff --git a/app/views/layouts/auth.html.haml b/app/views/layouts/auth.html.haml
index db841d27a..bf4113baf 100644
--- a/app/views/layouts/auth.html.haml
+++ b/app/views/layouts/auth.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
-  = javascript_include_tag 'application_public'
+  = javascript_include_tag 'application_public', integrity: true
 
 - content_for :content do
   .container
diff --git a/app/views/layouts/embedded.html.haml b/app/views/layouts/embedded.html.haml
index adbf0a287..c34247c91 100644
--- a/app/views/layouts/embedded.html.haml
+++ b/app/views/layouts/embedded.html.haml
@@ -3,6 +3,6 @@
   %head
     %meta{:charset => 'utf-8'}/
     = stylesheet_link_tag 'application', media: 'all'
-    = javascript_include_tag 'application_public'
+    = javascript_include_tag 'application_public', integrity: true
   %body.embed
     = yield
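Review bot: The `stylesheet_link_tag 'application', media: 'all'` line directly above the changed tag is left without `integrity: true`, so in this layout the stylesheet stays outside the integrity check while the script is covered. sprockets-rails accepts the same option on stylesheet tags, so the line could read `= stylesheet_link_tag 'application', media: 'all', integrity: true`. Whether the other layouts load their stylesheets elsewhere is not visible in this diff, so they may need the same treatment.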
diff --git a/app/views/layouts/public.html.haml b/app/views/layouts/public.html.haml
index 808fb0a0e..56781a286 100644
--- a/app/views/layouts/public.html.haml
+++ b/app/views/layouts/public.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
-  = javascript_include_tag 'application_public'
+  = javascript_include_tag 'application_public', integrity: true
 
 - content_for :content do
   .container= yield