search

hyva-themes / magento2-hyva-admin

This module aims to make creating grids and forms in the Magento 2 adminhtml area joyful and fast.
https://hyva-themes.github.io/magento2-hyva-admin/
BSD 3-Clause "New" or "Revised" License
168 stars 39 forks source link

Alpine.js CDN Content Security Warning #2

Closed paugnu closed 3 years ago

paugnu commented 3 years ago

Hi,

When browsing Hyva Admin Grids I'm getting the following error in the javascript console:

[Report Only] Refused to load the script 'https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.x.x/dist/alpine.js' because it violates the following Content Security Policy directive: "script-src...

Steps to reproduce:

  1. In a fresh install of Magento 2 with sample data, Install hyva-themes/magento2-hyva-admin and hyva-themes/magento2-hyva-admin-test
  2. Go to System » Tools » Hyva Test
  3. Open the js Console in Chrome and reload the page
  4. You'll see the mentioned error above in the js Console

This error is related to the Magento 2 Content Security Police and could be solved easily by adding the 'exceptions' to the config.xml and csp_whitelist.xml files (already tested and worked fine).

However, before sending a PR: should this library be included as a project js file or is it better to use the cdn file? (I don't know what the best practice is)

wigman commented 3 years ago

Hi @paugnu,

thanks for reporting and offering to create a PR!

having it locally would actually be preferred indeed. I suppose view/js/alpinejs.js would be a good place, but feel free to suggest anything else.

cheers!