Add nonce in style-src

* Fix progress bar in dashboards.

kitsune/settings.py

@@ -1146,7 +1146,7 @@ ZENDESK_COUNTRY_FIELD_ID = config("ZENDESK_COUNTRY_FIELD_ID", default="360026463
 LOGIN_EXCEPTIONS = frozenset(["mozilla-account"])
 
 # Django CSP configuration
-CSP_INCLUDE_NONCE_IN = ["script-src"]
+CSP_INCLUDE_NONCE_IN = ["script-src", "style-src"]
 
 CSP_DEFAULT_SRC = ("'none'",)
 

kitsune/sumo/static/sumo/scss/components/_dashboards.scss

@@ -0,0 +1,8 @@
+@use '../config' as c;
+@use 'protocol/css/includes/lib' as p;
+
+.absolute-graph {
+    display: block;
+    background-color: p.$color-green-60;
+    height: 1em;
+}

kitsune/sumo/static/sumo/scss/components/_index.scss

@@ -18,6 +18,7 @@
 @forward 'banner';
 @forward 'gallery-modal';
 @forward 'progress-bar';
+@forward 'dashboards';
 
 // for https://support.mozilla.org/en-US/kb/dashboard/metrics/aggregated
 @forward 'jqueryui';

webpack/entrypoints-html.js

@@ -12,7 +12,7 @@ module.exports = Object.keys(entrypoints).map(entry =>
     scriptLoading: "defer",
     templateContent: ({htmlWebpackPlugin}) => {
       if (entry == "screen") {
-        return `<link href="${htmlWebpackPlugin.files.css[0]}" rel="stylesheet">`;
+        return `<link href="${htmlWebpackPlugin.files.css[0]}" rel="stylesheet" nonce="{{ request.csp_nonce }}">`;
       }
       // inject nonce in the script for django-csp to populate
       htmlWebpackPlugin.tags.headTags.forEach(element => {