Skip to content

Add Content Security Policy #879

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 27, 2025
Merged

Add Content Security Policy #879

merged 4 commits into from
Jun 27, 2025

Conversation

apognu
Copy link
Contributor

@apognu apognu commented May 15, 2025

No description provided.

@apognu apognu self-assigned this May 15, 2025
@apognu apognu added enhancement New feature or request do-not-merge labels May 15, 2025
@ChibiBlasphem ChibiBlasphem force-pushed the poc/csp branch 4 times, most recently from f09330e to a9b8945 Compare June 19, 2025 08:37
@ChibiBlasphem ChibiBlasphem marked this pull request as ready for review June 19, 2025 08:38
@ChibiBlasphem ChibiBlasphem force-pushed the poc/csp branch 3 times, most recently from 8447473 to 7544e91 Compare June 19, 2025 08:43
siiick
siiick approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@siiick siiick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks gorgeous to me !

packages/app-builder/src/utils/environment.ts
FIREBASE_APP_ID: z.string().optional(),
METABASE_URL: z.string().optional(),

// FIREBASE_AUTH_EMULATOR_HOST: z.string().optional(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we keep this commented line ?

packages/app-builder/src/routes/_auth+/sign-in.tsx
Comment on lines +32 to +34
const [err, appConfig] = await tryit(() => appConfigRepository.getAppConfig())();

if (ssoResponse.status === 'rejected') {
console.error('Error fetching internal SSO-enabled API');
}
if (signInStatusResponse.status === 'rejected') {
console.error('Error fetching internal signup-status API');
if (err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Silly question: Should we consider tryit a standard?
I’d naturally lean toward using a regular try/catch block in this case, but I’m okay with adopting this method more if that’s the direction we’re going.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error values > Exceptions 🥷

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let the religion wars begin 🙊
joke aside, I rather like go's error values, but I wonder too if it's idiomatic in js 🤔

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't really opinionated before needing to no repeat code uselessly.

Pascal-Delange
Pascal-Delange approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@Pascal-Delange Pascal-Delange left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

really cool 👍

packages/app-builder/src/routes/_auth+/sign-in.tsx
Comment on lines +32 to +34
const [err, appConfig] = await tryit(() => appConfigRepository.getAppConfig())();

if (ssoResponse.status === 'rejected') {
console.error('Error fetching internal SSO-enabled API');
}
if (signInStatusResponse.status === 'rejected') {
console.error('Error fetching internal signup-status API');
if (err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let the religion wars begin 🙊
joke aside, I rather like go's error values, but I wonder too if it's idiomatic in js 🤔

@ChibiBlasphem ChibiBlasphem force-pushed the poc/csp branch 2 times, most recently from 2acc69e to e34b609 Compare June 27, 2025 15:57
@ChibiBlasphem ChibiBlasphem merged commit 8503fbc into main Jun 27, 2025
4 checks passed
@ChibiBlasphem ChibiBlasphem deleted the poc/csp branch June 27, 2025 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChibiBlasphem ChibiBlasphem ChibiBlasphem left review comments

@siiick siiick siiick approved these changes

@Pascal-Delange Pascal-Delange Pascal-Delange approved these changes

Assignees

@apognu apognu

Labels
do-not-merge enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@apognu @siiick @ChibiBlasphem @Pascal-Delange