Don't add nonce to script-src when it already contains 'unsafe-inline'

[joukevandermaas]

Fixes #127.

I added a test for both the positive (should add nonce) and negative (should not add nonce) case, because I could not find a test for the former and I wanted to make sure I didn't accidentally break that scenario.

[jelhan]

Looks good to me.

[jelhan]

Closing and reopening so that Travis will hopefully pick this one up.

[jelhan]

TravisCI refuses to run this pull request with an Abuse detected error:

Haven't seen this before. A quick research on Google said that it might be fixed if you login to https://travis-ci.com/ once with your GitHub account. You could restart TravisCI by closing and reopening this pull request afterwards. Could you please try it?

[joukevandermaas]

I logged in and now I see this notification:

I wonder what I did to them 😄 I will contact their support.

[joukevandermaas]

I managed to clear up the issue with travis support, and it seems they unblocked my email. 🎉

[jelhan]

@joukevandermaas Thanks a lot for the fix. Not sure if we should backport it to v1. If not we should at least make sure to have a first release candidate of v2 soon. @rwjblue any preference? v2 is ready for first release candidate from my side. Just need to get the two pending pull requests merged before.

[urbany]

Just noticed this bug has been hitting me for a few months, is it safe to update to v2? or can we have a backport please? Thank you very much in advance!

[jelhan]

Just noticed this bug has been hitting me for a few months, is it safe to update to v2? or can we have a backport please? Thank you very much in advance!

Sorry for not replying back earlier. Upgrading to v2 should be safe. I think it's more stable than v1 at this point of time even though still considered a pre-release.