GoogleChromeLabs / webbundle-plugins

A Webpack plugin for generating Web Bundles output.
https://www.npmjs.com/package/webbundle-webpack-plugin
Apache License 2.0

Request for New Release of webbundle-webpack-plugin to Support wss Protocol in CSP #71

Closed davepkxxx closed 11 months ago

davepkxxx commented 11 months ago

Hi,

I've been using webbundle-webpack-plugin@0.1.3 and noticed it doesn't include the wss support that's available in the repo. The last npm release was 7 months ago, and it looks like the wss updates haven't made it into that version.

Could we get a new npm release with the latest changes? It would really help those of us needing wss for secure WebSocket connections in our projects.

Thanks for your work on this plugin and looking forward to the update!

davepkxxx commented 11 months ago

The latest source code in the repository: https://github.com/GoogleChromeLabs/webbundle-plugins/blob/d251f6efbdb41cf8d37b9b7c696fd5c795cdc231/packages/shared/iwa-headers.ts#L29-L33

The code in webbundle-webpack-plugin@0.1.3, no wss: in connect-src: https://cdn.jsdelivr.net/npm/webbundle-webpack-plugin@0.1.3/index.cjs#L72-L75

var CSP_HEADER_NAME = "content-security-policy";
var csp = Object.freeze({
  [CSP_HEADER_NAME]: "base-uri 'none'; default-src 'self'; object-src 'none'; frame-src 'self' https: blob: data:; connect-src 'self' https:; script-src 'self' 'wasm-unsafe-eval'; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' blob: data:; require-trusted-types-for 'script'; frame-ancestors 'self';"
});

sonkkeli commented 11 months ago

Sorry for that! Done :)
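
To check whether an installed release emits a policy that permits wss: connections, the following added example (not code from the plugin or from this thread) parses a serialized CSP and tests connect-src with CSP Level 3 scheme matching. The function names and the `CSP_WITH_WSS` string are assumptions constructed for the comparison; only scheme-sources are evaluated, so `'self'` and host-sources are not matched.

```javascript
// Policy shipped in webbundle-webpack-plugin@0.1.3, copied from the issue above.
const CSP_0_1_3 = "base-uri 'none'; default-src 'self'; object-src 'none'; frame-src 'self' https: blob: data:; connect-src 'self' https:; script-src 'self' 'wasm-unsafe-eval'; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' blob: data:; require-trusted-types-for 'script'; frame-ancestors 'self';";

// Constructed for comparison (assumption): same policy with wss: added to connect-src.
const CSP_WITH_WSS = CSP_0_1_3.replace(
  "connect-src 'self' https:;",
  "connect-src 'self' https: wss:;"
);

// Split a serialized policy into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// CSP Level 3 scheme-part matching: extra URL schemes a scheme-source covers.
const SCHEME_COVERS = {
  http: ['https'],
  ws: ['wss', 'http', 'https'],
  wss: ['https'],
};

function schemeSourceCovers(source, urlScheme) {
  const m = /^([a-z][a-z0-9+.-]*):$/i.exec(source);
  if (!m) return false; // 'self', keywords and host-sources are not evaluated here
  const scheme = m[1].toLowerCase();
  return scheme === urlScheme || (SCHEME_COVERS[scheme] || []).includes(urlScheme);
}

// True when a scheme-source in connect-src (falling back to default-src)
// covers the URL's scheme. With neither directive present, nothing is restricted.
function connectSrcAllowsScheme(policy, url) {
  const urlScheme = new URL(url).protocol.slice(0, -1);
  const directives = parseCsp(policy);
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  return sources.some((source) => schemeSourceCovers(source, urlScheme));
}
```

Running `connectSrcAllowsScheme` against the header string found in the installed package's `index.cjs` shows whether the release in `node_modules` already carries the wss: change.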