Work with browser-policy disallowInlineScripts()

gadicc / meteor-headers

Access HTTP headers on both server and client. Client IP with proxy support.

https://atmospherejs.com/gadicohen/headers

GNU Lesser General Public License v3.0

61 stars 21 forks source link

Work with browser-policy disallowInlineScripts() #19

Closed gadicc closed 10 years ago

gadicc commented 10 years ago

With the above browser policy, headers can't be injected anymore. __meteor_runtime_config__ works on a similar principle and with the above security policy in place, loads the data in a seperate payload (http://docs.meteor.com/#browserpolicy).

So, we should reimplement our old strategy for retrieving headers, for this case, and for https://github.com/gadicohen/meteor-headers/issues/11.

gadicc commented 10 years ago

Fixed in 0.0.16 with commit https://github.com/gadicohen/meteor-headers/commit/a655ef825cc14238f3811f666fff46740bdeb7b1