Closed glics closed 2 years ago
In nginx.conf, line 48 sets the 'Content-Security-Policy' header:
more_set_headers "Content-Security-Policy: object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self';";
This sandboxing mode doesn't include the allow-modals keyword, which results in:
Ignored call to 'alert()'. The document is sandboxed, and the 'allow-modals' keyword is not set.
when trying to call window.alert() from JS. This also applies to window.prompt() and, in my case, window.print().
Is this by design?
@glics - these "security" headers should be treated rather as an example than something opinionated. Feel free to customize them in your own nginx config file.
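Added example (not part of the original thread or the project's code): a small audit of a Content-Security-Policy value that reports which modal APIs the `sandbox` directive suppresses, and the same policy with `allow-modals` appended. The function and constant names are hypothetical; `window.confirm()` is included because the same sandbox flag covers it.

```javascript
// APIs suppressed in a sandboxed document unless allow-modals is set.
const MODAL_APIS = ["window.alert()", "window.confirm()", "window.prompt()", "window.print()"];

// Split one directive ("name token token ...") into lowercase name and tokens.
function splitDirective(part) {
  const tokens = part.trim().split(/\s+/).filter(Boolean);
  const name = tokens.length ? tokens[0].toLowerCase() : "";
  return { name, tokens: tokens.slice(1).map((t) => t.toLowerCase()) };
}

// Parse a CSP header value into a Map of directive name -> tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const { name, tokens } = splitDirective(part);
    // CSP ignores a repeated directive; the first occurrence wins.
    if (name && !directives.has(name)) directives.set(name, tokens);
  }
  return directives;
}

// Report whether the policy sandboxes the page and which modal calls are ignored.
function auditSandbox(value) {
  const directives = parseCsp(value);
  if (!directives.has("sandbox")) return { sandboxed: false, flags: [], blockedModals: [] };
  const flags = directives.get("sandbox");
  return { sandboxed: true, flags, blockedModals: flags.includes("allow-modals") ? [] : MODAL_APIS };
}

// Return the policy with one flag appended to its sandbox directive only.
function addSandboxFlag(value, flag) {
  return value.split(";").map((part) => {
    const { name, tokens } = splitDirective(part);
    if (name !== "sandbox" || tokens.includes(flag)) return part;
    return part.trimEnd() + " " + flag;
  }).join(";");
}

// Header value from nginx.conf line 48, as quoted in the issue.
const POLICY = "object-src 'none'; frame-ancestors 'self'; form-action 'self'; " +
  "block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts " +
  "allow-popups allow-downloads; base-uri 'self';";

console.log("ignored calls:", auditSandbox(POLICY).blockedModals.join(", "));
console.log("customized:", addSandboxFlag(POLICY, "allow-modals"));
```

The customized value is what would replace the string passed to `more_set_headers` in a local nginx config.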