The site was not running right in dev mode with the newly enforced CSP headers. Adding a conditional value for dev mode
that should fix this
Details
- Reviewers
bytesofman - Group Reviewers
Restricted Project - Commits
- rABC8d7828782018: [e.cash] modify CSP headers for dev mode
to see the issue: npm run dev on master branch
Should see basically all of the content blocked from headers
then try npm run dev on this branch. Site should load as expected
Can go to the networks tab and check localhost response headers to see the CSP values
then preview with the bot and check the headers to see 'self' is no longer there
Diff Detail
- Repository
- rABC Bitcoin ABC
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
web/e.cash/next.config.js | ||
---|---|---|
75 ↗ | (On Diff #44537) | Probably easier to see what's going on here, without actually modifying a part of the header below. It's also possible that this makes the dev logs too crowded -- worth testing though If this approach does not work, please implement something similar below, i.e. do not change only part of the header string but change the whole thing so it is clear what we have in dev and what we have in prod |
Yeah the report only really clogs up the console. But yeah sure a non-inline conditional is easier to read. I think we should keep the values as close as possible to the prod values though, so if one catches we see it in dev