Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add icp0-api.io to default CSP; default to allow raw access #3369

Merged
merged 2 commits into from
Sep 15, 2023

Conversation

ericswanson-dfinity
Copy link
Member

@ericswanson-dfinity ericswanson-dfinity commented Sep 15, 2023

Description

  1. Make redirects from raw to non-raw opt-in, rather than opt-out. The default allow_raw_access setting for assets is now true, rather than false. This is in part because webviews on iOS and Android don't handle service workers very well.

  2. Added https://icp-api.io/ to the default Content-Security-Policy header.

Cherry-picked from from #3337 (release-0.15.0 branch)

How Has This Been Tested?

Updated e2e tests

Checklist:

  • The title of this PR complies with Conventional Commits.
  • I have edited the CHANGELOG accordingly.
  • I have made corresponding changes to the documentation.

@ericswanson-dfinity ericswanson-dfinity marked this pull request as ready for review September 15, 2023 22:25
@mergify mergify bot merged commit 1509bc5 into master Sep 15, 2023
174 checks passed
@mergify mergify bot deleted the allow-raw-access-by-default branch September 15, 2023 22:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants