New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add csp meta-tag support #650
Conversation
|
||
attrs: { | ||
'http-equiv': 'Content-Security-Policy', | ||
'content': Object.keys(this.ctx.policies).map(function(name) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
won't work in IE < 9
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This template wil never work in browser. According w3c, inserting meta tag in browser doesn't work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure W3C can help us with
BEM.DOM.decl('page', {
onDoSomething: function() {
BEM.DOM.replace(this.domElem, BEMHTML.apply({
block: 'page',
content: { elem: 'csp' }
}));
}
});
;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexbaumgertner Let's add deps from i-ecma__object
, in 3.x it could be an issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And i-ecma__array
for map
c6a856f
to
685cf18
Compare
|
||
ctx.policies = this.extend(defaultPolicies, ctx.policies); | ||
|
||
// Параметр nonce распространяется только на <script> и <style>. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please translate comments into English?
ccdd1c8
to
35f04a9
Compare
@tadatuta @mishaberezin Fixes |
ea823aa
to
5cc508e
Compare
@tadatuta Вова, посмотри финально, пожалуйста |
@@ -1 +0,0 @@ | |||
exports.baseLevelPath = require.resolve('bem-sets/levels/sets'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Зачем удаляешь этот файл?
lgtm |
5cc508e
to
1bcc007
Compare
Add csp meta-tag support
|
||
`nonce-$RANDOM` разрешает использовать инлайновый JavaScript (`<script>`) и инлайновый CSS (`<style>`), у которых атрибут `nonce` равен `$RANDOM`. Их содержимое не будет заблокировано даже при отсутствии ключевого слова `unsafe-inline`. | ||
|
||
Передать свое значение `nonce` можно в поле элемента `csp` BEMJSON блока: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Передать свое значение
nonce
можно в поле элементаcsp
BEMJSON блока
В примере ниже, показано что-то другое.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexbaumgertner Саша, исправишь хотфиксом?
|
||
Список источников в каждой директиве можно гибко настроить: | ||
|
||
```javacsript |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Опечатка в javascript
No description provided.