Use full file path for external library sources

Comment 9 months ago →
🇯🇵Japan ptmkenny
The patch in #2 needs a re-roll as of csp version 1.21.
Comment 9 months ago →
🇮🇳India Chandreshgiri Gauswami
Attaching re-rolled patch.
Open in Jenkins → Open on Drupal.org →
Core: 10.1.x + Environment: PHP 8.2 & MySQL 8
last update 9 months ago
127 pass, 1 fail
Open in Jenkins → Open on Drupal.org →
Core: 9.5.x + Environment: PHP 7.3 & MySQL 5.5
last update 9 months ago
Composer require failure
Open in Jenkins → Open on Drupal.org →
Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
last update 9 months ago
127 pass, 1 fail
Comment 9 months ago →
🇮🇳India Chandreshgiri Gauswami
Open in Jenkins → Open on Drupal.org →
Core: 10.1.x + Environment: PHP 8.2 & MySQL 8
last update 9 months ago
127 pass, 1 fail
Open in Jenkins → Open on Drupal.org →
Core: 9.5.x + Environment: PHP 7.3 & MySQL 5.5
last update 9 months ago
Composer require failure
Open in Jenkins → Open on Drupal.org →
Core: 10.0.7 + Environment: PHP 8.2 & MySQL 8
last update 9 months ago
127 pass, 1 fail
Comment 6 months ago →
🇨🇦Canada gapple
I'm working through a more comprehensive plan for how sources are included from libraries in 🌱 Improve handling of sources from libraries Active .

I'm inclined towards keeping allowing by domain as default, with the ability to allow by path as a configurable option.

It's a little unclear, but from what I understand CSP path matching only works on directories and the file name should be excluded: https://www.w3.org/TR/CSP3/#path-part-match

CSP allows upcasting on http: urls, so stripping the protocol is not necessary: https://www.w3.org/TR/CSP3/#scheme-part-match

Use full file path for external library sources

Comments & Activities