Open keith-ellis-sillek opened 1 year ago
I have the same issue, I wrote a custom component to embed a script in order to be able to add a comment box inside a side panel but the script gets blocked, custom components should be able to allow for external scripts to be loaded or at least should be possible to extend the CSP directive
Refused to load the script 'https://cdn.commento.io/js/commento.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.budibase.net https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
This issue has been automatically marked as stale because it has not had recent activity.
Hey @keith-ellis-sillek
I was going to test this one, however you do not have a release tied to the plugin repo. You'll need to add the release.yml, update the version number in the package.json, and then push up those changes.
I never got a response, so I didn't post it to the plugins directory. For this to work, the Nginx server has to be configured to allow the Google Captcha code to come through. I could do it on my private instance, but unless the change is made in the Cloud deployment, it won't work for those users. Any standalone instances would also have to change their nginx instance, which just seemed too much to ask a Budibase nocode developer to do.
Here is my code if you want to take a look.
https://github.com/keith-ellis-sillek/budibase-recaptura-v2
Keith Ellis @.*** 410-903-4027
On Wed, Dec 20, 2023 at 11:41 AM melohagan @.***> wrote:
Hey @keith-ellis-sillek https://github.com/keith-ellis-sillek
I was going to test this one, however you do not have a release tied to the plugin repo. You'll need to add the release.yml, update the version number in the package.json, and then push up those changes.
— Reply to this email directly, view it on GitHub https://github.com/Budibase/budibase/issues/9679#issuecomment-1864799601, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXKDKUUJ6NATMKSORWT3KXTYKMINJAVCNFSM6AAAAAAU24B3R6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRUG44TSNRQGE . You are receiving this because you were mentioned.Message ID: @.***>
It does work on my instance as expected.
Keith Ellis @.*** 410-903-4027
On Wed, Dec 20, 2023 at 11:41 AM melohagan @.***> wrote:
Hey @keith-ellis-sillek https://github.com/keith-ellis-sillek
I was going to test this one, however you do not have a release tied to the plugin repo. You'll need to add the release.yml, update the version number in the package.json, and then push up those changes.
— Reply to this email directly, view it on GitHub https://github.com/Budibase/budibase/issues/9679#issuecomment-1864799601, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXKDKUUJ6NATMKSORWT3KXTYKMINJAVCNFSM6AAAAAAU24B3R6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRUG44TSNRQGE . You are receiving this because you were mentioned.Message ID: @.***>
Checklist
Hosting
Describe the bug I created a custom component for Budibase here - https://github.com/keith-ellis-sillek/budibase-recaptura-v2 It works beautifully in development on localhost. However, when I deploy, it fails CSP for https://www.google.com/recaptcha/api.js I understand that you don't want to add just anyone's libraries, but could you add google's?
To Reproduce Steps to reproduce the behavior:
Expected behavior Like it to render?!
Screenshots On a plane, but will try to post when I land
App Export If possible - please attach an export of your budibase application for debugging/reproduction purposes.
Desktop (please complete the following information):
Additional context
BUDI-6604