Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

get rid of csp-module and implement secure-renderer #171

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

rommelfreddy
Copy link

hello @jissereitsma

you used your CSP module to implement the nonce for inline-js.

But as already discussed yireo/Yireo_CspWhitelistInlineJs#1 the module is great, but it is only a temporary solution for production.

Each extension developer should implement the secure-renderer to use inline-scripts. also Yireo :)

And then we do not need the separate extension. I don't think it is a good idea to implement the separate extension in all shops automatically, because some shops won't have the extension.

So i hope you understand me, and will approve the PR :)

Thank you!

@jissereitsma
Copy link
Contributor

I'm going to move over the discussion on this over to the NextGenImage PR that is similar: yireo/Yireo_NextGenImages#79

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants