fix script src

api/src/App.js

@@ -95,7 +95,7 @@ export default class App extends AppBase {
           ],
           'font-src': ["'self'", 'https://fonts.gstatic.com', 'data:'],
           'img-src': ["'self'", 'data:', 'https://js-eu1.hsforms.net', 'https://api.hubspot.com', 'https://forms-eu1.hsforms.com', 'https://forms.hsforms.com'],
-          'script-src': ["'nonce-2726c7f26c'", "'report-sample' 'self'", 'https://*.hsforms.net', 'https://stats.data.gouv.fr'],
+          //'script-src': ["'report-sample' 'self'", 'https://*.hsforms.net', 'https://stats.data.gouv.fr'],
           'worker-src': ['blob:'],
           'style-src': ["'self'", "'unsafe-inline'"],
           'frame-src': ['https://docs.a-just.beta.gouv.fr', 'https://meta.a-just.beta.gouv.fr', 'https://forms-eu1.hsforms.com/'],

front/src/assets/nomenclature-A-Just.html

@@ -6,6 +6,8 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="version" content="3.2.113">
     <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no">
+    <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-eval' 'unsafe-inline'">
+
 
     <title></title>
 

front/src/index.html

@@ -10,6 +10,7 @@
   <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
   <link rel="preconnect" href="https://fonts.gstatic.com">
   <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap" rel="stylesheet">
+  <meta http-equiv="Content-Security-Policy" content="script-src 'report-sample' 'self' https://*.hsforms.net https://stats.data.gouv.fr">
 </head>
 
 <body title="">