Closed onemanstartup closed 5 years ago
I'm using CSP headers, and they restrict running inline scripts. I made small changes that remove the inline script.
https://github.com/onemanstartup/graphiql-rails/commit/20f7647232efafa9df350d5e328211a14e470073 - here I removed the inline script and added csrf_meta_tag to get this value in JS.
https://github.com/onemanstartup/graphiql-rails/commit/af152de585dea67d4b1425735d6f3d32ebbacaf9 - here I removed some options besides the CSRF token, because I'm not using these options yet and don't know how best to pass the data into the script.
What do you think? Is this something worth doing? I think it also gives the ability to embed graphiql in another view layer by requiring only one file.
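The approach described in the post above, sketched as an added example (not code from the linked commits or from graphiql-rails): an external script reads the CSRF token from the meta tag that Rails' `csrf_meta_tags` renders and takes the remaining options from `data-*` attributes, so no inline script is needed. The container id, the `data-endpoint` and `data-headers` attribute names, and all function names are assumptions made for illustration.

```javascript
// Added example, not graphiql-rails code. Served as a file, so `script-src 'self'` allows it.
// Assumed markup (hypothetical apart from the Rails csrf-token meta tag):
//   <meta name="csrf-token" content="...">   (rendered by csrf_meta_tags)
//   <div id="graphiql-container" data-endpoint="/graphql" data-headers='{"X-Client":"graphiql"}'>

function readConfig(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const container = doc.querySelector('#graphiql-container');
  if (!container) throw new Error('#graphiql-container not found');
  const data = container.dataset;
  const endpoint = data.endpoint || '/graphql';
  // Same-origin paths only, so the CSRF token is never sent to another host.
  if (!/^\/(?![\/\\])/.test(endpoint)) {
    throw new Error('endpoint must be a same-origin path');
  }
  // Parse attribute data as JSON; never eval() it.
  const extraHeaders = data.headers ? JSON.parse(data.headers) : {};
  if (extraHeaders === null || typeof extraHeaders !== 'object' || Array.isArray(extraHeaders)) {
    throw new TypeError('data-headers must be a JSON object');
  }
  return { endpoint, extraHeaders, csrfToken: meta ? meta.getAttribute('content') : null };
}

function buildHeaders(config) {
  // Fixed headers are applied last so page data cannot override them.
  const headers = { ...config.extraHeaders, 'Content-Type': 'application/json' };
  if (config.csrfToken) headers['X-CSRF-Token'] = config.csrfToken;
  return headers;
}

function makeFetcher(config, fetchImpl) {
  return (graphQLParams) =>
    fetchImpl(config.endpoint, {
      method: 'POST',
      headers: buildHeaders(config),
      body: JSON.stringify(graphQLParams),
      credentials: 'same-origin',
    }).then((response) => response.json());
}

// Constructed stand-in for `document`, so the example also runs under Node.
function sampleDocument(endpoint) {
  const nodes = {
    'meta[name="csrf-token"]': { getAttribute: () => 'constructed-token' },
    '#graphiql-container': { dataset: { endpoint, headers: '{"X-Client":"graphiql"}' } },
  };
  return { querySelector: (selector) => nodes[selector] || null };
}
```

In the browser, `makeFetcher(readConfig(document), window.fetch.bind(window))` gives a function suitable for GraphiQL's `fetcher` prop.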
Any action on this issue? Our CSP is also restricting access due to the inline JS.
bump