Skip to content
This repository has been archived by the owner on Feb 14, 2020. It is now read-only.

Add unsafe-inline and blob: sources to Content Security Policy #5

Merged
merged 3 commits into from
May 24, 2018
Merged

Add unsafe-inline and blob: sources to Content Security Policy #5

merged 3 commits into from
May 24, 2018

Conversation

rbreslow
Copy link
Contributor

Overview

Add unsafe-inline and blob: sources to Content Security Policy.

Fixes #4

Testing Instructions

See deploy preview in PR checks.

@rbreslow rbreslow self-assigned this May 24, 2018
@rbreslow rbreslow requested a review from tnation14 May 24, 2018 02:32
@rbreslow
Copy link
Contributor Author 

[Error] TypeError: undefined is not a function (near '...}).finally(function () {...')
	warpImage (main.js:218)
	dispatch (jquery-3.3.1.min.js:2:41778)
[Error] Unhandled Promise Rejection: Error: Can't find variable: File
	(anonymous function) (loam.min.js:1:1402)
	promiseReactionJob

This looks unrelated to CSP stuff. Will take a look tomorrow.

@ddohler
Copy link

ddohler commented May 24, 2018

That's a Safari-specific bug in Loam: azavea/loam#20 . It was known at deployment time and we made a decision to ignore it, so it's not critical to fix right now.

@tnation14
Copy link

👍 Nice work. In testing this, I also noticed some blocked requests for data: URIs coming from Leaflet. I think you should add data: to the CSP as well.

@rbreslow rbreslow merged commit fed344d into master May 24, 2018
@rbreslow rbreslow deleted the feature/jrb/refactor-csp branch May 24, 2018 13:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tnation14 tnation14 tnation14 approved these changes

Assignees

@rbreslow rbreslow

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rbreslow @ddohler @tnation14