From 234a3258271b8aac4a6ec246eb6a147931af3995 Mon Sep 17 00:00:00 2001
From: Divya Karippath <divya.vannilaparambath@walmart.com>
Date: Fri, 5 Nov 2021 15:27:49 -0700
Subject: [PATCH] [fix] disable nonce for script,style or both

---
 packages/xarc-subapp/src/node/init-v2.ts            | 4 ++--
 packages/xarc-subapp/src/node/types.ts              | 2 +-
 packages/xarc-subapp/src/node/utils.ts              | 6 +++++-
 packages/xarc-subapp/test/spec/node/init-v2.spec.ts | 4 ++--
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/packages/xarc-subapp/src/node/init-v2.ts b/packages/xarc-subapp/src/node/init-v2.ts
index eae9e105f..03d617eca 100644
--- a/packages/xarc-subapp/src/node/init-v2.ts
+++ b/packages/xarc-subapp/src/node/init-v2.ts
@@ -194,13 +194,13 @@ export function initSubApp(setupContext: any, setupToken: Partial<{ props: InitP
 
       const addScriptNonce = (text: string) => {
         return !scriptNonceAttr
-          ? text
+          ? text && text.replace(/{{SCRIPT_NONCE}}/g, "")
           : text && text.replace(/{{SCRIPT_NONCE}}/g, context.user.scriptNonceAttr);
       };
 
       const addStyleNonce = (text: string) => {
         return !styleNonceAttr
-          ? text
+          ? text && text.replace(/{{STYLE_NONCE}}/g, "")
           : text && text.replace(/{{STYLE_NONCE}}/g, context.user.styleNonceAttr);
       };
 
diff --git a/packages/xarc-subapp/src/node/types.ts b/packages/xarc-subapp/src/node/types.ts
index 2f7aa04b8..26b152156 100644
--- a/packages/xarc-subapp/src/node/types.ts
+++ b/packages/xarc-subapp/src/node/types.ts
@@ -11,7 +11,7 @@ export type NonceInfo = {
   style?: boolean;
 
   /** nonce tokens */
-  tokens: {
+  tokens?: {
     all?: string;
     script?: string;
     style?: string;
diff --git a/packages/xarc-subapp/src/node/utils.ts b/packages/xarc-subapp/src/node/utils.ts
index 38d3430b5..b76735c9e 100644
--- a/packages/xarc-subapp/src/node/utils.ts
+++ b/packages/xarc-subapp/src/node/utils.ts
@@ -91,8 +91,12 @@ export function generateNonce(
   if (nonce) {
     if (nonce[tag] === false) {
       return { attr: "" };
+    } else if (nonce.tokens || nonce.generator) {
+      nonceToken = nonce.tokens[tag] || nonce.tokens.all || nonce.generator(tag);
+    } else {
+      nonceToken = nonceGenerator(tag);
+      nonce = { tokens: { all: nonceToken, [tag]: nonceToken } };
     }
-    nonceToken = nonce.tokens[tag] || nonce.tokens.all || nonce.generator(tag);
   } else {
     nonceToken = nonceGenerator(tag);
     nonce = { tokens: { all: nonceToken, [tag]: nonceToken } };
diff --git a/packages/xarc-subapp/test/spec/node/init-v2.spec.ts b/packages/xarc-subapp/test/spec/node/init-v2.spec.ts
index 3a6f465f8..8a93ccd67 100644
--- a/packages/xarc-subapp/test/spec/node/init-v2.spec.ts
+++ b/packages/xarc-subapp/test/spec/node/init-v2.spec.ts
@@ -100,8 +100,8 @@ describe("Test init-v2", () => {
       }
     };
     const result = initializer.process(context);
-    expect(result).contains(`<script{{SCRIPT_NONCE}}`);
-    expect(result).contains(`<link{{STYLE_NONCE}}`);
+    expect(result).to.not.contain(`<script{{SCRIPT_NONCE}}`);
+    expect(result).to.not.contain(`<link{{STYLE_NONCE}}`);
   });
 
   it("test initSubApp without CDN Map", () => {