Enable specifying additional directives in library definitions

Created on 26 May 2024, 10 months ago

Updated 5 September 2024, 7 months ago

Problem/Motivation

Libraries may have additional directives or sources that cannot be parsed from their definition:

JavaScript loaders, that have a local file request additional scripts from an external domain
Font services, where a local CSS file references external font files
External images

If an additional set of CSP info can be provided in library definitions, then it is not necessary to implement an alter event subscriber to modify the policy. If a library specifies script-src-elem or style-src-elem, those values could be used instead of parsing the library's files for domains.

Proposed resolution

Add a new key to library definitions, which is parsed by the Library Policy Builder.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request

Status

Active

Version

2.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @gapple
Comment 7 months ago →
🇨🇦Canada gapple
Comment 7 months ago →
🇨🇦Canada gapple
An option could be for libraries to specify if they should be a conditional include, so that their sources are only added when the library is present on the page instead of the current behaviour of always being added on every request. This would be one method to resolve the issue where a module may have optional libraries that are only included when a certain feature is enabled (e.g. IIRC webform has some libraries with external domains that are not used by default).

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024