Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7566f56

Browse files
committed
support csp exceptions
Signed-off-by: shmck <shawn.j.mckay@gmail.com>
1 parentf287d5d commit7566f56

File tree

3 files changed

+15
-0
lines changed

3 files changed

+15
-0
lines changed

‎docs/docs/env-vars.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ CodeRoad has a number of configurations:
1616

1717
-`CODEROAD_ADMIN_MODE` - a mode for tutorial developers. Under the "Review" page, you can jump around between levels & steps to test development. Defaults`false`.
1818

19+
-`CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS` - a list of CSP exemption hashes. For multiples, separate the list with a space.
20+
1921
##How to Use Variables
2022

2123
###Local

‎src/environment.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,3 +38,8 @@ if (!supportedOS.includes(OS_PLATFORM)) {
3838
exportconstTUTORIAL_URL:string|null=process.env.CODEROAD_TUTORIAL_URL||null
3939

4040
exportconstDISABLE_RUN_ON_SAVE=(process.env.CODEROAD_DISABLE_RUN_ON_SAVE||'').toLowerCase()==='true'
41+
42+
// bypass "Refused to execute inline script because it violates the following Content Security Policy directive" issue
43+
// for multiple exemptions, separate each with a space "a1 b1"
44+
exportconstCONTENT_SECURITY_POLICY_EXEMPTIONS:string|null=
45+
process.env.CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS||null

‎src/services/webview/render.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ import { JSDOM } from 'jsdom'
22
import*aspathfrom'path'
33
import*asvscodefrom'vscode'
44
import{onError}from'../telemetry'
5+
import{CONTENT_SECURITY_POLICY_EXEMPTIONS}from'../../environment'
56

67
constgetNonce=():string=>{
78
lettext=''
@@ -46,6 +47,13 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<voi
4647
}
4748
}
4849

50+
// support additional CSP exemptions when CodeRoad is embedded
51+
if(CONTENT_SECURITY_POLICY_EXEMPTIONS&&CONTENT_SECURITY_POLICY_EXEMPTIONS.length){
52+
for(constexemptionofCONTENT_SECURITY_POLICY_EXEMPTIONS.split(' ')){
53+
nonces.push(exemption)
54+
}
55+
}
56+
4957
// add run-time script from webpack
5058
construnTimeScript=document.createElement('script')
5159
runTimeScript.nonce=getNonce()

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp