Skip to content
GitLab

Update officejs support request app for strict CSP 

This is a first step to stop using "unsafe" web sections.

This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP.
Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause warning because of `unsafe-inline` and not render the series color.

This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation.

See merge request !1821
8 jobs for feat/zmi-activity-tool
in 0 seconds, using 0 compute credits, and was queued for 0 seconds
2dc9f19a
No related merge requests found.
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7