diff --git a/.eslintignore b/.eslintignore
index 682db9004..0fb9f18e5 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -1,4 +1,15 @@
+*.min.js
+
+# libraries
web/api/lib
-web/skins/classic/js/jquery-1.11.3.js
+web/includes/csrf/csrf-magic.js
+web/js/videojs.zoomrotate.js
+web/skins/classic/js/bootstrap.js
+web/skins/classic/js/chosen
+web/skins/classic/js/dateTimePicker
+web/skins/classic/js/jquery-*.js
+web/skins/classic/js/jquery-ui-*
web/skins/classic/js/jquery.js
+web/skins/classic/js/moment.js
+web/skins/classic/js/video.js
web/tools/mootools
diff --git a/.eslintrc.js b/.eslintrc.js
index fa4d6b6e5..dd1f9a779 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -9,6 +9,7 @@ module.exports = {
"brace-style": "off",
"camelcase": "off",
"comma-dangle": "off",
+ "guard-for-in": "off",
"key-spacing": "off",
"max-len": "off",
"new-cap": ["error", {
diff --git a/web/includes/functions.php b/web/includes/functions.php
index 3026efaf5..bf9ac06d7 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -38,10 +38,13 @@ function noCacheHeaders() {
function CSPHeaders($view, $nonce) {
switch ($view) {
case 'bandwidth':
+ case 'blank':
case 'function':
case 'log':
+ case 'login':
case 'logout':
case 'options':
+ case 'privacy':
case 'version': {
// Enforce script-src on pages where inline scripts and event handlers have been fixed.
// 'unsafe-inline' is only for backwards compatibility with browsers which
diff --git a/web/index.php b/web/index.php
index 29e67d628..7d13e9ce1 100644
--- a/web/index.php
+++ b/web/index.php
@@ -174,7 +174,6 @@ if ( isset($_REQUEST['view']) )
# Add CSP Headers
$cspNonce = bin2hex(openssl_random_pseudo_bytes(16));
-CSPHeaders($view, $cspNonce);
$request = null;
if ( isset($_REQUEST['request']) )
@@ -231,6 +230,8 @@ if ( ZM_OPT_USE_AUTH and !isset($user) ) {
$request = null;
}
+CSPHeaders($view, $cspNonce);
+
if ( $redirect ) {
header('Location: '.$redirect);
return;
diff --git a/web/js/Server.js b/web/js/Server.js
index 61d1ff713..73524e673 100644
--- a/web/js/Server.js
+++ b/web/js/Server.js
@@ -1,10 +1,10 @@
'use strict';
-var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();
+var _createClass = function() { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function(Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();
function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
-var Server = function () {
+var Server = function() {
function Server(json) {
_classCallCheck(this, Server);
diff --git a/web/skins/classic/includes/export_functions.php b/web/skins/classic/includes/export_functions.php
index eb505f18b..5981664e3 100644
--- a/web/skins/classic/includes/export_functions.php
+++ b/web/skins/classic/includes/export_functions.php
@@ -71,10 +71,10 @@ html ul.tabs li.active, html ul.tabs li.active a:hover {
}
-->
-
-
@@ -34,4 +34,5 @@ opener.location.reload(true);
+