search

AykutSarac / jsoncrack.com

✨ Innovative and open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs.
https://jsoncrack.com/
Other
33.5k stars 2.15k forks source link

Container with CSP and offline support #226

Open GAS85 opened 2 years ago

GAS85 commented 2 years ago

Feature

Jsoncrack editor will call multiple external domains (cloudflare, gstatic, googletagmanager, sentry.io) to fetch css, js, etc additional data. This is makes it hard to deploy on servers with limited CSP settings, and require additional Security and Privacy User agreement. изображение

It would be nice to have kind of "offline" editor Version, e.g. managed via variables give admin opportunity to disable external sites calling and fetch static data only from the container.

Alternative solutions or implementations

Such approach is implemented in swagger editor v4, where admin can even disable parts of the editor simply via variables. Basically ether before to build container source code should be cleaned up from the external resources and replaced with local links, or by container start.

Other context

E.g. how it was done for other project. https://github.com/amnuts/opcache-gui/issues/84

AykutSarac commented 2 years ago

Actually a PWA exists for the app but seem to be disabled for some reason, which was caching the homepage for offline callback so you were able to access it without internet. I'll review to alternatives available.

mpern commented 1 year ago

Asking the naive question: is there a way to bundle (webpack, rollup ...) the whole thing and don't access any third party resources over the network at all at runtime?

GAS85 commented 1 year ago

This is a point of this ticket - zero access to 3rd party resources.