forked from OpenNeo/impress
impress/app
Matchu 7ec900b6b6 Use {script,style}_src instead of _elem, for better compatibility
Oh, I didn't realize the `_elem` variant of these parts of the
`Content-Security-Policy` is newer, and so doesn't even work on my
current version of Safari on my Mac.

My rationale at the time was: `script_src_elem` is stricter against
things like imports, and I figured, ok let's do the strictest policy
that works. But since it's not fully compatible with browsers even
*I'm* using right now, and I'm not aware of an actual problem it would
prevent, let's back off that a bit! This should have the same effective
security properties for our case.

Note that the effect of this compatibility issue wasn't *weakening* the
policy; it was being *too* strict, by blocking the scripts and the
stylesheets. This is because `script_src_elem` was ignored, and
`script_src` was absent, so it fell back to `default_src none`.
2024-07-06 12:52:00 -07:00
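
The fallback described in the commit message above can be modelled in a few lines of Ruby. This is an added example, not part of the commit or the impress code base. The browser capability sets and the `'self'` source lists are constructed assumptions, and `parse_csp` and `effective_sources` are hypothetical helper names.

```ruby
# Added illustration, not code from the impress repository.
# Fallback chains from CSP Level 3, most specific directive first.
FALLBACK = {
  script_element: %w[script-src-elem script-src default-src],
  style_element:  %w[style-src-elem style-src default-src]
}.freeze

# Hypothetical browsers: one predates the -elem directives, one knows them.
LEGACY_BROWSER = %w[default-src script-src style-src].freeze
MODERN_BROWSER = (LEGACY_BROWSER + %w[script-src-elem style-src-elem]).freeze

# Constructed policies; the real source lists are not shown on this page.
BEFORE = "default-src 'none'; script-src-elem 'self'; style-src-elem 'self'"
AFTER  = "default-src 'none'; script-src 'self'; style-src 'self'"

# Parse a header value into { "directive" => [sources] }.
# The first occurrence of a directive wins, as in the CSP spec.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, policy|
    name, *sources = part.split
    next if name.nil?
    policy[name.downcase] ||= sources
  end
end

# Returns [directive, sources] governing `kind` in a browser that only
# understands `supported`; unknown directives are skipped, which is how
# the fallback to default-src happens. [nil, nil] means unrestricted.
def effective_sources(header, kind, supported)
  policy = parse_csp(header)
  name = FALLBACK.fetch(kind).find { |d| supported.include?(d) && policy.key?(d) }
  name ? [name, policy[name]] : [nil, nil]
end

if __FILE__ == $PROGRAM_NAME
  { "before" => BEFORE, "after" => AFTER }.each do |label, header|
    { "legacy" => LEGACY_BROWSER, "modern" => MODERN_BROWSER }.each do |browser, supported|
      name, sources = effective_sources(header, :script_element, supported)
      puts format("%-6s %-6s scripts: %s %s", label, browser, name, sources.join(" "))
    end
  end
end
```

Running the same check against the deployed `Content-Security-Policy` header for each browser you support shows whether any of them ends up governed by `default-src` alone.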
assets Use "morphing" for smoother item page preview changes 2024-07-03 21:52:43 -07:00
controllers Use {script,style}_src instead of _elem, for better compatibility 2024-07-06 12:52:00 -07:00
helpers Refactor outfit_viewer_layers helper to just be inlined into template 2024-07-02 22:03:43 -07:00
javascript Refactor item page outfit-layer to use Web Components 2024-07-02 22:24:26 -07:00
mailers/fundraising Move most fundraising files into a Fundraising module 2024-02-18 20:12:14 -08:00
models swf_assets/show action to embed a canvas movie in a sandboxed iframe 2024-07-03 19:50:41 -07:00
services Load *all* NC Mall pages in nc_mall:sync 2024-05-10 17:39:40 -07:00
views Use "morphing" for smoother item page preview changes 2024-07-03 21:52:43 -07:00