CSP issues with recent versions of Gin Layout Builder

Created on 9 February 2023, over 1 year ago

Updated 11 February 2024, 5 months ago

Problem/Motivation

The dist version of gin_lb_js.js contains calls to eval(). This originates from this commit: https://git.drupalcode.org/project/gin_lb/-/commit/930ba6d085c8b8ca29c8d.... It requires unsafe-eval in a content security policy (CPS) for Gin Layout Builder to work. This is not desirable. Not sure what happened here with the build and whether this is intentionally or by accident.

Steps to reproduce

Use Gin Layout Builder in combination with a CSP that does not allow unsafe-eval.

Proposed resolution

Deliver assets that can be used safely.

Remaining tasks

-
- Review MR
- Merge MR

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇳🇱Netherlands ricovandevin

Live updates comments and jobs are added and updated live.

Merge Requests

!37CSP issues with recent versions of Gin Layout Builder
Closed
🇳🇱Netherlands ricovandevin
updated 5 months ago

Comments & Activities

Issue created by @ricovandevin
Merge request !37Updated gin_lb_js.js to a production build. → (Closed) created by ricovandevin
Status changed to Needs review over 1 year ago12:15pm 9 February 2023
Comment over 1 year ago →
🇳🇱Netherlands ricovandevin
It looks like the file was included in dev version instead of as a production build. Fix in MR.
Status changed to Fixed over 1 year ago6:14pm 17 March 2023
Comment over 1 year ago →
🇩🇪Germany Christian.wiedemann
Thanks for reporting. Will checks this next time.
Status changed to Fixed over 1 year ago6:25pm 17 March 2023
Comment over 1 year ago →
🇩🇪Germany Christian.wiedemann
Comment 5 months ago →
System Message
Grimreaper → closed merge request !37

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024