Open patcon opened 5 years ago
Hi @patcon thanks for reporting to us, we just noticed that as well. Will try fix this soon!
Also, if you feel that this is a new change and overbearing (imposing on valid use-cases like yours), please do consider reaching out to GitHub support!
Also, I've found a good tactic is to write my feedback in public in the unofficial isaacs/github
repository, and then simply linking my private email to that page. I feel it's a tactic that keeps feedback public and allows shows of public support that private ticketing systems can't offer <3
I've created a demo book demonstrating the issue with links to websites like GitHub. GitHub uses the CSP
frame-ancestors 'none'
(docs), which prevents the browser from showing it. This results in a blank page and this error in console:Feeling like maybe it's possible to detect this and open in a new tab. I understand that it might NOT be possible to show the proper "new tab" icon with this method, but perhaps an open source repo with a whitelist of domains could allows users to keep a manual list up-to-date, which HackMD could use to know the CSP in advance. Also, the whitelist could just be a list of test urls/domains, and a script could run nightly to determine the policy on its pages.
Anyhow, thanks for the tool, and any consideration! 🙌