fix(webapp): add missing hashes to CSP #794
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Rotzbua
force-pushed
the
fix_vite_csp
branch
from
8f6f485
to
a9dd5ec
Compare
peterthomassen
requested changes
Nov 7, 2023
There was a problem hiding this comment.
Thanks. Now, unfortunately, the hashes have changed yesterday (see vitejs/vite@4033a32).
How are we going to go about this? -- If they get outdated, it's about as good as not having them at all.
The commit is part of vite v5 which is not released yet. |
|
Mh. Nevertheless, the code comment linking to the source is not correct (it lists the new hashes, not the ones that are in this PR). |
|
So, can you fix the comments such that the point at the source of the hashes? -- If we don't do this, anyone looking at the code some time in the future will be confused. |
Add inline script hashes for `@vitejs/plugin-legacy`:
Warning: the hashes may change with newer releases!
Add the corresponding hashes to your script-src list:
sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=
sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=
sha256-4y/gEB2/KIwZFTfNqwXJq4olzvmQ0S214m9jwKgNXoc=
sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=
Source:
https://github.com/vitejs/vite/tree/v4/packages/plugin-legacy#content-security-policy
Rotzbua
force-pushed
the
fix_vite_csp
branch
from
d5507bb
to
ef55495
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add inline script hashes for
@vitejs/plugin-legacy:Add the corresponding hashes to your script-src list:
Source:
https://github.com/vitejs/vite/tree/main/packages/plugin-legacy#content-security-policy
Reference
fixes #788