You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have noticed that whenever we make changes or add new features to the plugin, the UI for the plugin breaks. I am guessing because whatever that sha is supposed to denote changes when you modify the source code of the plugin. We were defaulting to completely removing CSP during development, which is of course non ideal.
To be able to proceed for now, we've updated the csp to contain this style-src https://fonts.googleapis.com 'self' 'unsafe-inline
I would like us to understand and document how CSP for style works. And what we can do to ensure we stay secure without breaking the plugin UI as new features are added.
The text was updated successfully, but these errors were encountered:
We had a CSP entry for style-src that looked like this
I have noticed that whenever we make changes or add new features to the plugin, the UI for the plugin breaks. I am guessing because whatever that sha is supposed to denote changes when you modify the source code of the plugin. We were defaulting to completely removing CSP during development, which is of course non ideal.
To be able to proceed for now, we've updated the csp to contain this
style-src https://fonts.googleapis.com 'self' 'unsafe-inline
I would like us to understand and document how CSP for style works. And what we can do to ensure we stay secure without breaking the plugin UI as new features are added.
The text was updated successfully, but these errors were encountered: