
Make compatible with secure Content-Security-Policy

Open junowilderness opened this issue 6 years ago • 3 comments

A reasonable Content-Security-Policy sets 'script-src' to 'self', which blocks inline JavaScript. This module currently uses inline JavaScript for the refresh feature.

junowilderness avatar Jul 09 '19 13:07 junowilderness
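
An added example, not CaptchaBundle's own code, of a refresh handler that works under `script-src 'self'`: the logic sits in an external file served from the page's origin and binds through `addEventListener` instead of an inline `onclick`. The `data-captcha-refresh` attribute, the element id, the URL and the `n` cache-busting parameter are assumptions made for illustration.

```javascript
// Added example, not CaptchaBundle code. Serve this as an external file from
// the page's own origin so that "script-src 'self'" allows it.
// Assumed (hypothetical) markup, with no inline handler on the link:
//   <img id="captcha-img" src="/captcha/generate">
//   <a href="#" data-captcha-refresh="captcha-img">Refresh</a>

// Return the image URL with a fresh cache-busting parameter "n" (assumed
// name), replacing any earlier value and keeping the other parameters.
function refreshedUrl(src, stamp) {
  const noHash = src.split('#')[0];
  const q = noHash.indexOf('?');
  const path = q === -1 ? noHash : noHash.slice(0, q);
  const params = new URLSearchParams(q === -1 ? '' : noHash.slice(q + 1));
  params.set('n', String(stamp));
  return path + '?' + params.toString();
}

// One delegated click listener on the document handles every refresh link,
// so no element needs an onclick="..." attribute or a javascript: URL.
function bindCaptchaRefresh(doc, now = Date.now) {
  doc.addEventListener('click', (event) => {
    const trigger = event.target.closest('[data-captcha-refresh]');
    if (!trigger) return;                       // click was somewhere else
    event.preventDefault();                     // do not follow href="#"
    const id = trigger.getAttribute('data-captcha-refresh');
    const img = doc.getElementById(id);
    if (img) img.src = refreshedUrl(img.getAttribute('src'), now());
  });
}

// Bind automatically in a browser; skipped where there is no DOM.
if (typeof document !== 'undefined') bindCaptchaRefresh(document);
```
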

@Gregwar @cilefen I also ran into the Content-Security-Policy story. It seems good to me to implement this; some minor updates will have to be adjusted for this. Hopefully I will have some time soon to submit a new pull request for this (unless someone else has time for this).

Olaf1989 avatar Jun 05 '20 13:06 Olaf1989

This is a bit "much" but this is how SF excepts the profile toolbar.

junowilderness avatar Jun 15 '20 17:06 junowilderness

@cilefen that is a nice solution, but I think this is, indeed, a bit too big for the small piece of JavaScript code that matters to us.

Olaf1989 avatar Jun 20 '20 11:06 Olaf1989