Michael Crenshaw

@justinwatkinson would you be willing to open a new PR based on this one and resolve the conflicts? I'd review.

@deepto98 let me know if I can be any help here!

@deepto98 I have this on my TODO list, but I'd like to do a thorough review of our default CSP settings. I think there's room for improvement.

@deepto98 finally had a chance to look into it. Can you drop the unsafe-eval? Testing locally, I don't think it's necessary. Otherwise I think this policy is the best we...

I think we have a default CSP set, it's just not very restrictive. https://github.com/argoproj/argo-cd/blob/3008b525f08fd3f0fc8562b7a8daecd0f375f773/cmd/argocd-server/commands/argocd_server.go#L194 So your recommendation would be that we 1) augment that default to include the items you've...

@deepto98 absolutely! Let me know if you need any help. 🙂

That's my understanding as well! There are a few ways to run locally. Here's the documented way: https://argo-cd.readthedocs.io/en/stable/developer-guide/running-locally/ I usually just install the latest manifests and then re-tag images as...

@ftsell do you remember why you needed `unsafe-eval`?

@ftsell fwiw I just tested without unsafe-eval. It works if and only if I do a production webpack build instead of a development build.

@kenchan0130 just trying to make sure I understand. The tested "invalid" path is in fact a valid `repo.Repo` value, correct? So won't this just mean that constructing the CA path...