Contrib.social

Enable specifying additional directives in library definitions

Open on Drupal.org β†’
Created on 26 May 2024, about 1 month ago

Problem/Motivation

Libraries may have additional directives or sources that cannot be parsed from their definition:

  • JavaScript loaders, that have a local file request additional scripts from an external domain
  • Font services, where a local CSS file references external font files

If an additional set of CSP info can be provided in library definitions, then it is not necessary to implement an alter event subscriber to modify the policy. If a library specifies script-src-elem or style-src-elem, those values could be used instead of parsing the library's files for domains.

Proposed resolution

Add a new key to library definitions, which is parsed by the Library Policy Builder.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡¨πŸ‡¦Canada gapple

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024