JQ is disabled on strict CSP #15
Comments
Closed
|
guess we'll deal with it 🤷 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description
When I load a json from a remote host served with strict Content Security Policy (CSP) rules, the JQ filter bar is not showing.
Example: https://api.github.com/users/paolosimone/repos
Details
This happens because JQ filtering relies on WebAssembly, but WASM execution is enabled only if CSP allows the execution of unsafe code (
'script-src': 'unsafe-eval')... even if the wasm file is the one bundled with the extension package!References:
Why not Sandbox?
The recommended approach is to run wasm code in a sandbox and send/receive data through message passing. This solution introduces an additional overhead due to serialization/deserialization of the message content (in our case, the JSON itself).
How much overhead? Will it continue to work smoothly with ~10MB json?
Don't know, I guess we could give it a try (at least as a fallback strategy) before jumping to conclusion.
But I want to use the interactive JQ feature now
I feel you. In the meantime you could download the json (floppy disk icon) and load the file in the browser.
The text was updated successfully, but these errors were encountered: