Reworks CSP and CSS in demos; noop #290
Conversation
| below to allow any access to https://esm.sh/. You wouldn’t want to do | ||
| that on a production site, this is just for the demo. --> | ||
| <meta http-equiv="content-security-policy" content="default-src 'self'; script-src 'self' 'sha256-tqJYP2BfE6OLuQk1TacH2iYQga16y7fS413atm5uM9o=' https://esm.sh/;"> | ||
| <meta http-equiv="content-security-policy" content=" |
There was a problem hiding this comment.
the people must know
There was a problem hiding this comment.
Fair enough. I was definitely waffling on this one.
There was a problem hiding this comment.
for me it is important to be able to be able to compare and contrast the requirements for each integration. also wanted to avoid perpetuating less secure solutions that could be copy+pasted directly regardless of whatever caveats we write in comments
There was a problem hiding this comment.
For sure, I had just stopped when I was pasting %-encoded cruft. Will it work if we rewrite it as 'https://esm.sh/udomdiff@^1.1.0'?
| @@ -10,7 +10,7 @@ | |||
| } | |||
| } | |||
| </script> | |||
| <script type="module" src="./demo-lit-html.js"></script> | |||
| <script type="module" blocking="render" src="./demo-lit-html.js"></script> | |||
demo/performance/lit-html.html
Outdated
| default-src 'self'; | ||
| script-src 'self' 'unsafe-eval' 'sha256-2gPcHEAV/bRWIxMnz3UA5z6w2m9RdFis8ZAa8Y/EZVg=' | ||
| https://esm.sh/[email protected] | ||
| https://esm.sh/[email protected]/;"> |
There was a problem hiding this comment.
I was one-lining this stuff because any other formatting choice seemed wonky. I’m totally fine with this for now, but I think we might want to take a moment to discuss the conventions here 🤙
demo/performance/react.html
Outdated
| https://esm.sh/[email protected]/ | ||
| https://esm.sh/[email protected]/ | ||
| https://esm.sh/scheduler@%5E0.23.2 | ||
| https://esm.sh/[email protected]/;"> |
There was a problem hiding this comment.
Oh, you did the thing. Nice.
| https://esm.sh/[email protected]/ | ||
| https://esm.sh/custom-function@^1.0.6/ | ||
| https://esm.sh/[email protected]/ | ||
| https://esm.sh/@webreflection/;"> |
There was a problem hiding this comment.
^^ I like this formatting style. Mind making it consistent for the other CSP declarations?
MIME TYPE TEXT/CSS ... NO BIG DEAL