Allow for NONCEs on inline scripts (#799)

* Allow for NONCEs on inline scripts

In order to support CSP-Header.

See also
* 6e62a00
* #785

* Remove explicit removal of NONCEs

---------

Co-authored-by: rvogel <vogel@hallowelt.biz>

Author: osnard

SemanticResultFormats.utils.php

@@ -39,7 +39,7 @@ public static function addGlobalJSVariables() {
 		];
 
 		$requireHeadItem = [ 'srf.options' => $options ];
-		SMWOutputs::requireHeadItem( 'srf.options', self::makeVariablesScript( $requireHeadItem, false ) );
+		SMWOutputs::requireHeadItem( 'srf.options', self::makeVariablesScript( $requireHeadItem ) );
 	}
 
 	/**
@@ -77,6 +77,9 @@ public static function htmlQueryResultLink( $link ) {
 	 */
 	public static function makeVariablesScript( $data, $nonce = null ) {
 		$script = ResourceLoader::makeConfigSetScript( $data );
+		if ( $nonce === null ) {
+			$nonce = RequestContext::getMain()->getOutput()->getCSP()->getNonce();
+		}
 
 		return ResourceLoader::makeInlineScript( $script, $nonce );
 	}

formats/media/MediaPlayer.php

@@ -302,7 +302,7 @@ protected function getFormatOutput( $data ) {
 		];
 
 		$requireHeadItem = [ $ID => FormatJson::encode( $output ) ];
-		SMWOutputs::requireHeadItem( $ID, SRFUtils::makeVariablesScript( $requireHeadItem, false ) );
+		SMWOutputs::requireHeadItem( $ID, SRFUtils::makeVariablesScript( $requireHeadItem ) );
 
 		SMWOutputs::requireResource( 'ext.jquery.jplayer.skin.' . $this->params['theme'] );
 		SMWOutputs::requireResource( 'ext.srf.formats.media' );