Closed sublimator closed 3 years ago
@sublimator does the closed issue mean this change will not be going in?
@wmurphyrd
Sorry, it made it's way in to 0.0.52 which will be published hopefully next week!
- Reduce <script> injected code to just one [#1254](https://github.com/coilhq/web-monetization-projects/pull/1254) [#1503](https://github.com/coilhq/web-monetization-projects/pull/1503)
- Remove 'unsafe-eval' from CSP in favor of sha256 of singular polyfill [#1542](https://github.com/coilhq/web-monetization-projects/pull/1542)
Thanks @sublimator! Does #1542 mean CSP pages will allow the polyfill injection and the separate polyfill will longer be required?
@wmurphyrd
No, depending on the page's CSP policy ( which seems to take precedence ) you may still need to include the polyfill. The main benefit is that it's easier for add-ons to get reviewed/published. The Mozilla/FF add-ons store recently questioned our use of 'unsafe-eval' so we responded by removing it and simply listing the hash of the polyfill.
Thanks.
@sublimator awesome thanks for explaining. New version of web-monetization-polyfill
is published
Coordinate with @wmurphyrd WICG/webmonetization#137