Fix cypress config for v13 #1209
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
7 tasks
ewanharris
reviewed
Dec 7, 2023
Co-authored-by: Ewan Harris <ewan.harris@okta.com>
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
frederikprijck
temporarily deployed
to
internal
GitHub Actions
Inactive
ewanharris
approved these changes
Dec 7, 2023
frederikprijck
added a commit
that referenced
this pull request
Dec 11, 2023
<!-- By submitting a PR to this repository, you agree to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md). Please see the [contributing guidelines](https://github.com/auth0/.github/blob/master/CONTRIBUTING.md) for how to create and submit a high-quality PR for this repo. --> ### Changes When the SDK is used in combination with a strict Content-Security-Policy (CSP), the policy must include `worker-src: blob:` which raises a concern of `unsafe-eval`. This change allows the SDK to be configured to load the worker code from a trusted URL, compliant with the CSP, and allows the user to mitigate the concern. **Todo:** - [x] Just waiting for #1209 to land so that we can get e2e coverage of this ### References > As defined above, special URL schemes that refer to specific pieces of unique content, such as `data:`, `blob:` and `filesystem:` are excluded from matching a policy of * and must be explicitly listed. Policy authors should note that the content of such URLs is often derived from a response body or execution in a Document context, which may be unsafe. Especially for the [default-src](https://www.w3.org/TR/CSP2/#default_src) and [script-src](https://www.w3.org/TR/CSP2/#script_src) directives, policy authors should be aware that allowing `data:` URLs is equivalent to unsafe-inline and **allowing `blob:` or `filesystem:` URLs is equivalent to unsafe-eval**. https://www.w3.org/TR/CSP2/#source-list-guid-matching ### Testing <!-- Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors. --> - [X] This change adds unit test coverage - [ ] This change adds integration test coverage - [X] This change has been tested on the latest version of the platform/language ### Checklist - [X] I have read the [Auth0 general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) - [X] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) - [X] All code quality tools/guidelines have been run/followed --------- Co-authored-by: Frederik Prijck <frederik.prijck@auth0.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Our e2e tests were broken due to incorrectly configured cypress as of a certain version. Our CI didnt report this, but locally the issue was clear.
I also removed the migration tests. They were added to help test when we released v2, but thats been a while now so we can drop those.
Testing
Checklist