discourse/app/assets/javascripts
David Taylor b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
admin FEATURE: Groundwork for schema theme settings UI (#25673) 2024-02-16 09:31:49 +03:00
bootstrap-json FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
deprecation-silencer DEV: Unsilence link-to deprecation for ember-cli build (#25197) 2024-01-10 11:01:57 +00:00
dialog-holder Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
discourse FEATURE: Groundwork for schema theme settings UI (#25673) 2024-02-16 09:31:49 +03:00
discourse-common Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
discourse-hbr Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
discourse-i18n Build(deps): Bump the embroider group (#24391) 2023-11-16 12:31:25 +01:00
discourse-markdown-it FEATURE: Auto generate and display video preview image (#25633) 2024-02-14 13:43:53 -07:00
discourse-plugins Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
discourse-widget-hbs Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
docs DEV: enforces eslint’s curly rule to the codebase (#10720) 2020-09-22 16:28:28 +02:00
ember-addons DEV: Remove ember-addons (#9559) 2020-04-28 10:14:49 -04:00
ember-cli-progress-ci DEV: Add progress output in CI during ember-cli build (#17977) 2022-08-17 22:39:52 +01:00
ember-production-deprecations DEV: Add production-mode shim for Em deprecation (#25109) 2024-01-03 10:39:59 +00:00
float-kit Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
locales DEV: convert I18n pseudo package into real package (discourse-i18n) (#23867) 2023-10-12 14:44:01 +01:00
patches DEV: Bump content-tag to 2.0.1 (#25541) 2024-02-02 13:33:29 +01:00
pretty-text Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
select-kit Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
theme-transpiler Build(deps): Bump terser from 5.27.0 to 5.27.1 in /app/assets/javascripts (#25711) 2024-02-15 22:34:05 +01:00
truth-helpers Build(deps-dev): Bump webpack from 5.90.1 to 5.90.2 in /app/assets/javascripts (#25710) 2024-02-15 22:33:45 +01:00
.licensee.json DEV: Use webpack to load table-builder dependencies (#25018) 2024-01-02 10:47:47 +00:00
.npmrc DEV: Prevent npm usage (#13945) 2021-08-04 22:04:58 +02:00
handlebars-shim.js FIX: It seems sometimes shims are evaluated by older JS engines (#11813) 2021-01-22 10:41:01 -05:00
package-ember3.json DEV: Use ember 5 in package.json files by default (#25207) 2024-01-10 18:30:50 +01:00
package-ember5.json DEV: Use ember 5 in package.json files by default (#25207) 2024-01-10 18:30:50 +01:00
package.json DEV: Switch default Ember version to 5 (#25203) 2024-01-10 12:12:36 +00:00
polyfills.js Drop support for iOS < 15.7 (#19847) 2023-01-16 17:28:59 +00:00
run-patch-package DEV: Automatically retry patch-package on failure (#23583) 2023-09-14 12:25:06 +01:00
service-worker.js.erb FIX: Service worker push notifications when cache disabled (#25610) 2024-02-08 11:55:32 +00:00
yarn-ember3.lock Build(deps): Bump terser from 5.27.0 to 5.27.1 in /app/assets/javascripts (#25711) 2024-02-15 22:34:05 +01:00
yarn-ember5.lock Build(deps): Bump terser from 5.27.0 to 5.27.1 in /app/assets/javascripts (#25711) 2024-02-15 22:34:05 +01:00
yarn.lock DEV: Switch default Ember version to 5 (#25203) 2024-01-10 12:12:36 +00:00