Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Update Glimpse.axd to CSP compliant #658
This pull contains all the necessary changes to make the Glimpse.axd full CSP Compliant and with full I mean that Glimpse.axd will run when the CSP header Content-Security-Policy is set to default-src 'self'
There have been some new resources defined, of which the
I also added a new feature to the
It also contains a little test page which shows that the Glimpse Client is not CSP Compliant with the CSP header mentioned above, but if we add style-src 'unsafe-inline' to the CSP header above, then it will work. So basically there is an issue with inline styles, which are used all over the place and might be hard to fix all of them. Also the CSS can't be part of the JS, because it is added as inline style to the HEAD of the document, so it must be returned separately.
@avanderhoorn I moved all of the embedded resources into a separate folder "EmbeddedResources" except for the