Textpattern CMS support forum
TXP-dev and strict CSP rules
Dev now implements a new way of loading CSS and JS admin files, and inline JS blocks, which would allow for stricter CSP rules. The basic functionality seems to work fine, not sure yet about the strict(er) CSP handling as I cannot currently test this on localhost.
Does this also affect the way an admin theme would load custom CSS + JS files (files defined by the end user) and eventually inline CSS or JS blocks? IOW, will those files (and inline blocks) be subjected to the same mechanism to handle strict CSP rules?
–^–
The path to those custom CSS + JS files seems to be set in Theme.php, an admin theme can specify a different path in the theme PHP file.
from phw_sandspace.php, courtesy of Makks at the time:
    function html_head()
    {
        // Specify path for custom CSS + JS - see README for usage instructions.
        $this->cssPath = 'custom';
        $this->jsPath = 'custom';
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Re: TXP-dev and strict CSP rules
That is a good point, will investigate soon. The custom CSS/JS will probably need to use the new UI\Style and UI\Script widgets respectively, so they get the nonce attribute applied to them, which can then be passed by the recommended CSP rules.
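The nonce mechanism mentioned in the reply above, as an added example that is not part of the original post and is not Textpattern's own code: a per-response nonce is generated, sent in the CSP header, and stamped on every stylesheet, script file and inline block. The helper names and the `custom.css` / `custom.js` file names are assumptions for illustration; they do not show the API of the `UI\Style` and `UI\Script` widgets.

```php
<?php
// Added example: helper names are hypothetical, not Textpattern's API.

// One unpredictable nonce per response; never reuse it across requests.
function csp_nonce(): string
{
    static $nonce = null;
    if ($nonce === null) {
        $nonce = base64_encode(random_bytes(16));
    }
    return $nonce;
}

// Strict policy: only tags carrying this response's nonce may load or run.
function csp_header(): string
{
    $n = csp_nonce();
    return "Content-Security-Policy: default-src 'self'; "
        . "script-src 'nonce-$n'; style-src 'nonce-$n'; "
        . "object-src 'none'; base-uri 'self'";
}

function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// External stylesheet, external script and inline block all get the nonce.
function style_tag(string $href): string
{
    return '<link rel="stylesheet" href="' . esc($href) . '" nonce="' . esc(csp_nonce()) . '">';
}

function script_tag(string $src): string
{
    return '<script src="' . esc($src) . '" nonce="' . esc(csp_nonce()) . '"></script>';
}

// $js must be trusted, server-authored code; it is emitted verbatim.
function inline_script(string $js): string
{
    return '<script nonce="' . esc(csp_nonce()) . '">' . $js . '</script>';
}

header(csp_header());
// Constructed file names under the 'custom' path from the theme snippet.
echo style_tag('custom/custom.css'), "\n";
echo script_tag('custom/custom.js'), "\n";
echo inline_script('console.log("admin theme loaded");'), "\n";
```

Under this policy a `<script>` or `<link rel="stylesheet">` emitted without the nonce attribute is blocked, which is why custom theme files have to go through the same nonce-aware output path as the core admin files.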
Re: TXP-dev and strict CSP rules
OK, I’ve amended dev branch now to also load custom JS/CSS with the new widgets, which should fix this.
Re: TXP-dev and strict CSP rules
philwareham wrote #325290:
OK, I’ve amended dev branch now to also load custom JS/CSS with the new widgets, which should fix this.
Thanks!
One more issue removed.
Re: TXP-dev and strict CSP rules
phiw13 wrote #325293:
One more issue removed.
Hmm, hold on – it helps with really testing:
Fatal error
Uncaught Error: Class 'Textpattern\Admin\Txp' not found in /Users/[username]/Sites/_txptest/textpattern/vendors/Textpattern/Admin/Theme.php:371 Stack trace: #0 /Users/[username]/Sites/_txptest/textpattern/lib/txplib_head.php(165): Textpattern\Admin\Theme->html_head_custom() #1 /Users/[username]/Sites/_txptest/textpattern/include/txp_image.php(80): pagetop('Images', '') #2 /Users/[username]/Sites/_txptest/textpattern/include/txp_image.php(66): image_list() #3 /Users/[username]/Sites/_txptest/textpattern/index.php(228): include('/Users/[username]/S...') #4 {main} thrown in /Users/[username]/Sites/_txptest/textpattern/vendors/Textpattern/Admin/Theme.php on line 371
Re: TXP-dev and strict CSP rules
Really fixed now 😀
Re: TXP-dev and strict CSP rules
philwareham wrote #325298:
Really fixed now 😀
Yay! Will do some more (basic) testing tomorrow or so. Thanks.