fix

google · Aug 3, 2024 · c69cb1f · c69cb1f
1 parent efeeb1a
commit c69cb1f
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 5 deletions.
diff --git a/mesop/examples/web_component/code_mirror_editor/code_mirror_editor_app.py b/mesop/examples/web_component/code_mirror_editor/code_mirror_editor_app.py
@@ -20,7 +20,11 @@ class State:
       "https://cdnjs.cloudflare.com",
       "*.fonts.gstatic.com",
     ],
-    allowed_script_srcs=["https://cdnjs.cloudflare.com", "*.fonts.gstatic.com"],
+    allowed_script_srcs=[
+      "https://cdnjs.cloudflare.com",
+      "*.fonts.gstatic.com",
+      "https://cdn.jsdelivr.net",
+    ],
   ),
 )
 def page():

diff --git a/mesop/examples/web_component/copy_to_clipboard/copy_to_clipboard_app.py b/mesop/examples/web_component/copy_to_clipboard/copy_to_clipboard_app.py
@@ -15,6 +15,11 @@
 
 @me.page(
   path="/web_component/copy_to_clipboard/copy_to_clipboard_app",
+  security_policy=me.SecurityPolicy(
+    allowed_script_srcs=[
+      "https://cdn.jsdelivr.net",
+    ]
+  ),
 )
 def page():
   with me.box(

diff --git a/mesop/examples/web_component/custom_font_csp_repro/custom_font_app.py b/mesop/examples/web_component/custom_font_csp_repro/custom_font_app.py
@@ -17,6 +17,11 @@
   stylesheets=[
     "https://fonts.googleapis.com/css2?family=Inter+Tight:ital,wght@0,100..900;1,100..900&family=Inter:[email protected]&display=swap",
   ],
+  security_policy=me.SecurityPolicy(
+    allowed_script_srcs=[
+      "https://cdn.jsdelivr.net",
+    ]
+  ),
 )
 def page():
   me.text("Custom font: Inter Tight", style=me.Style(font_family="Inter Tight"))

diff --git a/mesop/examples/web_component/firebase_auth/firebase_auth_app.py b/mesop/examples/web_component/firebase_auth/firebase_auth_app.py
@@ -21,7 +21,11 @@
   security_policy=me.SecurityPolicy(
     dangerously_disable_trusted_types=True,
     allowed_connect_srcs=["*.googleapis.com"],
-    allowed_script_srcs=["*.google.com"],
+    allowed_script_srcs=[
+      "*.google.com",
+      "https://www.gstatic.com",
+      "https://cdn.jsdelivr.net",
+    ],
   ),
 )
 def page():

diff --git a/mesop/examples/web_component/plotly/plotly_app.py b/mesop/examples/web_component/plotly/plotly_app.py
@@ -11,7 +11,13 @@
   #
   # Disabling trusted types because plotly uses DomParser#parseFromString
   # which violates TrustedHTML assignment.
-  security_policy=me.SecurityPolicy(dangerously_disable_trusted_types=True),
+  security_policy=me.SecurityPolicy(
+    allowed_script_srcs=[
+      "https://cdn.jsdelivr.net",
+      "https://cdn.plot.ly",
+    ],
+    dangerously_disable_trusted_types=True,
+  ),
 )
 def page():
   plotly_component()
diff --git a/mesop/examples/web_component/shared_js_module/shared_js_module_app.py b/mesop/examples/web_component/shared_js_module/shared_js_module_app.py
@@ -6,6 +6,11 @@
 
 @me.page(
   path="/web_component/shared_js_module/shared_js_module_app",
+  security_policy=me.SecurityPolicy(
+    allowed_script_srcs=[
+      "https://cdn.jsdelivr.net",
+    ]
+  ),
 )
 def page():
   me.text("Loaded")

diff --git a/mesop/examples/web_component/slot/slot_app.py b/mesop/examples/web_component/slot/slot_app.py
@@ -12,6 +12,11 @@
 
 @me.page(
   path="/web_component/slot/slot_app",
+  security_policy=me.SecurityPolicy(
+    allowed_script_srcs=[
+      "https://cdn.jsdelivr.net",
+    ]
+  ),
 )
 def page():
   with outer_component(

diff --git a/mesop/tests/e2e/web_components/shared_js_module_test.ts b/mesop/tests/e2e/web_components/shared_js_module_test.ts
@@ -2,8 +2,8 @@ import {test, expect} from '@playwright/test';
 
 test('web components - shared JS module', async ({page}) => {
   await page.goto('/web_component/shared_js_module/shared_js_module_app');
-  expect(page.getByText('Loaded')).toBeVisible();
-  expect(
+  await expect(page.getByText('Loaded')).toBeVisible();
+  await expect(
     page.getByText('value from shared module: shared_module.js'),
   ).toBeVisible();
 });