search

hawtio / hawtio-online

Hawtio on Kubernetes/OpenShift
Apache License 2.0
23 stars 25 forks source link

fix(#502): extend CSP to work with monaco-editor #552

Closed mmelko closed 3 weeks ago

mmelko commented 1 month ago

closes #502

phantomjinx commented 1 month ago

@mmelko if you rebase this then the tests should now pass.

grgrzybek commented 1 month ago

Hmm - does this mean it'll work when monaco will be loaded from CDN? What about offline/dmz environments with limited access to Internet? Won't it work when loading from Hawtio origin?

mmelko commented 1 month ago

@grgrzybek hmm valid point. This change comes from PF5 upgrade and it should replace webpack requirements afaik

grgrzybek commented 3 weeks ago

We need to apply these instructions.

grgrzybek commented 3 weeks ago

I'm working on a fix to NOT have https://cdn.jsdelivr.net/npm/monaco-editor specified explicitly in CSP headers...

grgrzybek commented 3 weeks ago

Currently, when viewing Camel source code (which contains <CodeEditor> Patternfly component, we see this: image

grgrzybek commented 3 weeks ago

Looks like it worked with these instructions: image

grgrzybek commented 3 weeks ago

See hawtio/hawtio-next#1186

grgrzybek commented 3 weeks ago

After hawtio/hawtio-next#1187 is merged and new @hawtio/react version is used in Hawtio online, please remove CDN host from CSP header. I'll do the same for hawtio/hawtio's ContentSecurityPolicyFilter.

cc: @phantomjinx