Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add csp meta-tag support #650

Merged
merged 1 commit into from Jun 23, 2015
Merged

Add csp meta-tag support #650

merged 1 commit into from Jun 23, 2015

Conversation

alexbaumgertner
Copy link
Member

No description provided.

tadatuta
tadatuta reviewed Jun 1, 2015
View reviewed changes
blocks-common/b-page/__csp/b-page__csp.bemhtml

attrs: {
'http-equiv': 'Content-Security-Policy',
'content': Object.keys(this.ctx.policies).map(function(name) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

won't work in IE < 9

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This template wil never work in browser. According w3c, inserting meta tag in browser doesn't work.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure W3C can help us with

BEM.DOM.decl('page', {
    onDoSomething: function() {
        BEM.DOM.replace(this.domElem, BEMHTML.apply({
            block: 'page',
            content: { elem: 'csp' }
        }));
    }
});

;)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alexbaumgertner Let's add deps from i-ecma__object, in 3.x it could be an issue.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And i-ecma__array for map

@alexbaumgertner alexbaumgertner force-pushed the feature/csp branch 2 times, most recently from c6a856f to 685cf18 Compare June 3, 2015 15:14
tadatuta
tadatuta reviewed Jun 3, 2015
View reviewed changes
blocks-common/b-page/__csp/b-page__csp.bemhtml

ctx.policies = this.extend(defaultPolicies, ctx.policies);

// Параметр nonce распространяется только на <script> и <style>.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please translate comments into English?

@alexbaumgertner alexbaumgertner force-pushed the feature/csp branch 5 times, most recently from ccdd1c8 to 35f04a9 Compare June 3, 2015 18:26
@alexbaumgertner
Copy link
Member Author

@tadatuta @mishaberezin Fixes

@alexbaumgertner alexbaumgertner changed the title Add csp meta-tag support [WIP] Add csp meta-tag support Jun 15, 2015
@arikon
Copy link
Member

arikon commented Jun 22, 2015

@tadatuta Вова, посмотри финально, пожалуйста

arikon
arikon reviewed Jun 22, 2015
View reviewed changes
desktop.sets/.bem/level.js
@@ -1 +0,0 @@
exports.baseLevelPath = require.resolve('bem-sets/levels/sets');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Зачем удаляешь этот файл?

@tadatuta
Copy link
Member

lgtm

@arikon arikon mentioned this pull request Jun 23, 2015
Closed
alexbaumgertner pushed a commit that referenced this pull request Jun 23, 2015
Merge pull request #650 from bem/feature/csp
a18bfe9 
Add csp meta-tag support
@alexbaumgertner alexbaumgertner merged commit a18bfe9 into support/2.x Jun 23, 2015
@alexbaumgertner alexbaumgertner deleted the feature/csp branch June 23, 2015 13:53
narqo
narqo reviewed Jun 23, 2015
View reviewed changes
blocks-common/b-page/b-page.ru.md

`nonce-$RANDOM` разрешает использовать инлайновый JavaScript (`<script>`) и инлайновый CSS (`<style>`), у которых атрибут `nonce` равен `$RANDOM`. Их содержимое не будет заблокировано даже при отсутствии ключевого слова `unsafe-inline`.

Передать свое значение `nonce` можно в поле элемента `csp` BEMJSON блока:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Передать свое значение nonce можно в поле элемента csp BEMJSON блока

В примере ниже, показано что-то другое.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alexbaumgertner Саша, исправишь хотфиксом?

arikon
arikon reviewed Jun 24, 2015
View reviewed changes
blocks-common/b-page/b-page.ru.md

Список источников в каждой директиве можно гибко настроить:

```javacsript
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Опечатка в javascript

@alexbaumgertner
Copy link
Member Author

@narqo @arikon fixed in 7ef54db

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@alexbaumgertner @arikon @tadatuta @narqo @mishaberezin