- Issue created by @attilatilman
- 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
Excellent find, thanks!
We should have a test that reproduces this, to ensure XB indeed works on sites with Content-Security-Policy active. Ideally, that test wouldn't require installing the seckit module, but we could make that work — see 📌 Page has Metatag integration Active for how we added a test for XB + metatag, without making XB depend on it.
"I have created a simple component which has a Heading text"
Is this an SDC? Is this the existing experience_builder:heading SDC?
- 🇭🇺Hungary attilatilman
I have created a component from scratch through XB. Attached screenshot about example.
- 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
#3: Ah, that makes a ton more sense: it's a code component. I suspected it, but couldn't be certain based on the issue summary. Cool, then we'll be able to reproduce this easily.
I hear from @balintbrews that there's been chats about this problem space, and that @mglaman has additional detail to share, as well as @effulgentsia. Since Matt is further east than Alex, assigning to him first.
- Assigned to balintbrews
- 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
AFAICT this has been (largely?) solved elsewhere?
@balintbrews, can you give us an update? 😇🙏
- 🇳🇱Netherlands balintbrews Amsterdam, NL
📌 Do not inline script for code editor preview Active was our immediate response, but it didn't fix everything. E.g. we still use the blob URI scheme, which still may not be great when it comes to strict CSP configurations.
@attilatilman, what is the current config you're using?
- 🇧🇪Belgium wim leers Ghent 🇧🇪🇪🇺
Or even 🌱 Milestone 1.0.0-beta1: Start creating non-throwaway sites Active.