New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove CSP workaround for UserVoice widget #109

Closed
neocotic opened this Issue Jun 6, 2012 · 2 comments

Comments

Projects
None yet
1 participant
@neocotic
Member

neocotic commented Jun 6, 2012

I've been told by UserVoice support that they now support Content Security Policy so I should now be able to remove the workaround I put in place for this problem.

At first glance I can see that they're still using inline JavaScript so I'm not 100% confident it's fully supported, but they may be using external JavaScript event bindings as well. Without my workaround, I guess this will result in an error appearing in the console about the use of inline JavaScript but the widget being opened and closed as expected.

@ghost ghost assigned neocotic Jun 6, 2012

@neocotic

This comment has been minimized.

Show comment
Hide comment
@neocotic

neocotic Jun 6, 2012

Member

CSP still doesn't seem to be supported so I'll get back in touch with UserVoice to get an update.

Member

neocotic commented Jun 6, 2012

CSP still doesn't seem to be supported so I'll get back in touch with UserVoice to get an update.

@neocotic neocotic referenced this issue Apr 22, 2013

Merged

Feedback fix #149

@neocotic

This comment has been minimized.

Show comment
Hide comment
@neocotic

neocotic Apr 22, 2013

Member

This issue has been fixed by #149 and will now be closed.

Member

neocotic commented Apr 22, 2013

This issue has been fixed by #149 and will now be closed.

@neocotic neocotic closed this Apr 22, 2013

@neocotic neocotic added the security label Nov 15, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment