[2.9.x] Fix `play-scala-websocket-example` (missing csp nonce) (backport #668) by @mkurz

[mergify[bot]]

• Alternative for #667

The example is not working because the js files can not be loaded because they violate the csp directives. Play's default script-src directive is this one:

      # script-src defaults according to https://csp.withgoogle.com/docs/strict-csp.html
      # https://www.w3.org/TR/CSP3/#directive-script-src
      script-src = ${play.filters.csp.nonce.pattern} "'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:"

So for this example this will be rendered to following header:

Content-Security-Policy: base-uri 'none'; script-src 'nonce-1BANcXNZ6pGIEXrrAszpvw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; default-src 'self'; object-src 'none'; connect-src 'self' ws://localhost:9000

So all we need to do is to add the nonce to the js files so they are allowed to load. It's basically the same we fixed #662 with.

---

This is an automatic backport of pull request #668 done by Mergify.

[mergify[bot]]

Cherry-pick of 3d4711da77460bf888215a1d7595bc9053fd698d has failed:

On branch mergify/bp/2.9.x/pr-668
Your branch is ahead of 'origin/2.9.x' by 1 commit.
  (use "git push" to publish your local commits)

You are currently cherry-picking commit 3d4711da.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
    modified:   play-scala-websocket-example/app/assets/javascripts/index.coffee
    modified:   play-scala-websocket-example/app/assets/stylesheets/main.less
    modified:   play-scala-websocket-example/app/views/index.scala.html
    modified:   play-scala-websocket-example/test/controllers/WebSocketClient.java

Unmerged paths:
  (use "git add <file>..." to mark resolution)
    both modified:   play-scala-websocket-example/build.sbt
    both modified:   play-scala-websocket-example/conf/application.conf
    both modified:   play-scala-websocket-example/conf/logback.xml
    both modified:   play-scala-websocket-example/project/plugins.sbt

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[mkurz]

@ihostage OK wow I overwrote your changes because I force pushed 1 minute after your, sorry I didn't see that.

[ihostage]

@ihostage OK wow I overwrote your changes because I force pushed 1 minute after your, sorry I didn't see that.

no problem, only result is matter 😉