hanami-webpack icon indicating copy to clipboard operation
hanami-webpack copied to clipboard

Published 20 hours ago verified publisher icon samuelsimoes

extended CSP handling

Open glaszig opened this issue 5 years ago • 1 comments

currently, only the script-src directive gets the webpack dev server url appended and that under the assumption that i'd like my script-src replaced the following way:

replace script-src 'self' with script-src 'self' 'unsafe-eval' http://webpack.

which only really works if i have a policy of excactly script-src 'self' .... also, it does not append all the other necessary policies, that is:

  • connect-src for the hot-reload feature of webpack
  • font-src for webpack-packaged fonts
  • style-src for webpack-packaged stylesheets
  • script-src for webpack-packaged javascripts

this patch fixes this.

also introduces proper testing (at least for this feature).

glaszig avatar Aug 16 '19 22:08 glaszig

bump

glaszig avatar Feb 11 '21 06:02 glaszig