| author | Adam Mathes <adam@adammathes.com> | 2026-02-16 19:01:17 -0800 |
|---|---|---|
| committer | Adam Mathes <adam@adammathes.com> | 2026-02-16 19:01:17 -0800 |
| commit | e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28 (patch) | |
| tree | 0bbf318cc1121637e3bc92b353c507bc5276fecd /web | |
| parent | 9d1f2f094a291b8dc5ca8dc006a4f6169d6b873c (diff) | |
Fix CSP violation on login page by moving inline script to external file
Diffstat (limited to 'web')
| -rw-r--r-- | web/static/login.html | 10 | ||||
| -rw-r--r-- | web/static/login_script.js | 8 |
2 files changed, 13 insertions, 5 deletions
diff --git a/web/static/login.html b/web/static/login.html
index c469528..49034a6 100644
--- a/web/static/login.html
+++ b/web/static/login.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html lang="en">
+
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
@@ -112,6 +113,7 @@
 }
 </style>
 </head>
+
 <body>
 <div class="login-card">
 <h1>Welcome Back</h1>
@@ -127,13 +129,11 @@
 </div>
 <button type="submit">Sign In</button>
 </form>
- <script>
- var match = document.cookie.split('; ').find(function(row) { return row.startsWith('csrf_token='); });
- if (match) document.getElementById('csrf_token').value = match.split('=')[1];
- </script>
+ <script src="/static/login_script.js"></script>
 <div class="footer">
 Neko RSS Reader
 </div>
 </div>
 </body>
-</html>
+
+</html>
\ No newline at end of file
diff --git a/web/static/login_script.js b/web/static/login_script.js
new file mode 100644
index 0000000..75d29f4
--- /dev/null
+++ b/web/static/login_script.js
@@ -0,0 +1,8 @@
+window.addEventListener('DOMContentLoaded', function () {
+ var match = document.cookie.split('; ').find(function (row) { return row.startsWith('csrf_token='); });
+ if (match) {
+ var token = match.split('=')[1];
+ var input = document.getElementById('csrf_token');
+ if (input) input.value = token;
+ }
+});
|
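Review bot: The inline `<style>` block that closes just above `</head>` (visible in the second hunk's context) is still on the page, so the new `<script src="/static/login_script.js"></script>` line moves out only the script half of the inline content. Whether that matters depends on the policy's `style-src`, which is not visible here; if it does not allow inline styles, the same kind of violation will be reported for the stylesheet. Moving those rules to a file under `/static/` and loading it with `<link rel="stylesheet" href="…">` would let the login page run under a policy with no `'unsafe-inline'` at all. The form also now relies on that external file loading to fill `csrf_token`, so the server should reject an empty or missing token rather than skip the check.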
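Review bot: `match.split('=')[1]` on the `var token` line keeps only the text up to the next `=`, so a token whose value itself contains `=` (base64 padding, for example) is truncated and the submitted field will not match the cookie. The token format is set server-side and is not visible here, so this may be latent, but taking everything after the first `=` is safe either way: `var token = match.substring(match.indexOf('=') + 1);`. If the server percent-encodes the cookie value, wrap that in `decodeURIComponent(...)`. The pattern also requires the `csrf_token` cookie to be readable by script, so it cannot be `HttpOnly`; that it still carries `Secure` and a `SameSite` attribute is worth confirming on the server side.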
