- Issue created by @attilatilman
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
Excellent find, thanks!
We should have a test that reproduces this, to ensure XB indeed works on sites with
Content-Security-Policyactive.Ideally, that test wouldn't require installing the
seckitmodule, but we could make that work β see π Page has Metatag integration Active for how we added a test for XB +metatag, without making XB depend on it.I have created a simple component which has a Heading text
Is this an SDC? Is this the existing
experience_builder:headingSDC? - ππΊHungary attilatilman
I have created a component from scratch through XB. Attached screenshot about example.
- π³π±Netherlands balintbrews Amsterdam, NL
wim leers β credited balintbrews β .
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
#3: Ah, that makes a ton more sense: it's a code component. I suspected it, but couldn't be certain based on the issue summary. Cool, then we'll be able to reproduce this easily.
I hear from @balintbrews that there's been chats about this problem space, and that @mglaman has additional detail to share, as well as @effulgentsia. Since Matt is further east than Alex, assigning to him first.
- Assigned to balintbrews
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
AFAICT this has been (largely?) solved elsewhere?
@balintbrews, can you give us an update? ππ
- π³π±Netherlands balintbrews Amsterdam, NL
π Do not inline script for code editor preview Active was our immediate response, but it didn't fix everything. E.g. we still use the blob URI scheme, which still may not be great when it comes to strict CSP configurations.
@attilatilman, what is the current config you're using?
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
This seems like a stable blocker? π
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
Or even π± Milestone 1.0.0-beta1: Start creating non-throwaway sites Active .
- πΊπΈUnited States effulgentsia
Per discussion with @lauriii, this doesn't have to block beta1, but it would be good to resolve early in the beta phase.
