2 files changed, 9 insertions, 1 deletions

diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index 3cbe1422f..4036e85ab 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -6,7 +6,6 @@ use Catalyst::Runtime 5.80;
 use FixMyStreet;
 use FixMyStreet::Cobrand;
 use Memcached;
-use mySociety::Random qw(random_bytes);
 use FixMyStreet::Map;
 use FixMyStreet::Email;
 use Utils;
@@ -161,6 +160,8 @@ sub setup_request {
 
     my $cobrand = $c->cobrand;
 
+    $cobrand->add_response_headers if $cobrand->can('add_response_headers');
+
     # append the cobrand templates to the include path
     $c->stash->{additional_template_paths} = $cobrand->path_to_web_templates;
 
diff --git a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
index b321a21c4..1fb822893 100644
--- a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
+++ b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm
@@ -1,6 +1,8 @@
 package FixMyStreet::Cobrand::FixMyStreet;
 use base 'FixMyStreet::Cobrand::UK';
 
+use mySociety::Random;
+
 use constant COUNCIL_ID_BROMLEY => 2482;
 
 # Special extra
@@ -17,6 +19,11 @@ sub path_to_email_templates {
     ];
 }
 
+sub add_response_headers {
+    my $self = shift;
+    my $csp_nonce = $self->{c}->stash->{csp_nonce} = unpack('h*', mySociety::Random::random_bytes(16, 1));
+    $self->{c}->res->header('Content-Security-Policy', "script-src 'self' www.google-analytics.com www.googleadservices.com 'unsafe-inline' 'nonce-$csp_nonce'")
+}
 
 # FixMyStreet should return all cobrands
 sub restriction {