🔓 🐛 safelist cdn scripts in meta tag in landing page #7539
…nce (sha256 of a uuid) to validate script tags in <meta
LGTM!
Co-authored-by: Trevor Scheer <trevor.scheer@gmail.com>
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

# Releases

## @apollo/server-integration-testsuite@4.7.1

### Patch Changes

- Updated dependencies \[[`5d3c45be9`](5d3c45b)]:
  - @apollo/server@4.7.1

## @apollo/server@4.7.1

### Patch Changes

- [#7539](#7539) [`5d3c45be9`](5d3c45b) + [#7540](#7540) [`42897532b`](42897532b5b7f691883988a149156a3294ed5404) Thanks [@mayakoneval](https://github.com/mayakoneval)! - 🐛 Bug Fix for Apollo Server Landing Pages on Safari. A Content Security Policy was added to our landing page html so that Safari can run the inline scripts we use to call the Embedded Sandbox & Explorer.

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Slack context
Pierre found that in Safari the AS embedded Sandbox str8 up doesn't work ?! How long has this been going on without us knowing? Shocked.

Anyways, we needed to add a CSP for Safari to take these scripts seriously, and I did so via `<meta` tag, using the `nonce` option.

To test

Download the `apollo-server-typescript` code sandbox example & install & run on Safari.
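
The approach this PR describes, as an added example that is not part of the PR or of Apollo Server's code: a per-render nonce (sha256 of a uuid) placed in a `<meta>` CSP that also safelists a CDN script by URL, plus a checker that lists the script tags the policy would not allow. `CDN_SCRIPT`, `renderLandingPage` and `blockedScripts` are hypothetical names, and the CDN URL is a constructed placeholder.

```javascript
const { createHash, randomUUID } = require("node:crypto");

// Constructed placeholder; the project's real CDN script URLs are not on this page.
const CDN_SCRIPT = "https://cdn.example/landing-page/main.js";

// Fresh nonce for every rendered page: sha256 of a uuid, hex-encoded.
// A nonce reused across responses can be replayed by injected markup.
function makeNonce() {
  return createHash("sha256").update(randomUUID()).digest("hex");
}

// Hypothetical renderer. The policy allows the CDN script by URL and the inline
// bootstrap by nonce; the <meta> tag must come before the scripts it governs.
function renderLandingPage(nonce = makeNonce()) {
  const policy = `script-src 'self' 'nonce-${nonce}' ${CDN_SCRIPT}`;
  return [
    "<!DOCTYPE html><html><head>",
    `<meta http-equiv="Content-Security-Policy" content="${policy}" />`,
    "</head><body>",
    `<script nonce="${nonce}">window.landingPage = { embedded: true };</script>`,
    `<script src="${CDN_SCRIPT}"></script>`,
    "</body></html>",
  ].join("\n");
}

// Test/CI helper: list the script tags this page's own policy would not allow.
// Simplified matching: a tag passes on a listed nonce or an exactly listed URL.
function blockedScripts(html) {
  const meta = /<meta http-equiv="Content-Security-Policy" content="script-src ([^"]*)"/.exec(html);
  if (!meta) return ["missing CSP <meta> tag"];
  const sources = meta[1].split(/\s+/);
  const blocked = [];
  for (const [tag, attrs] of html.matchAll(/<script\b([^>]*)>/g)) {
    const nonce = /\bnonce="([^"]*)"/.exec(attrs)?.[1];
    const src = /\bsrc="([^"]*)"/.exec(attrs)?.[1];
    const allowed =
      (nonce !== undefined && sources.includes(`'nonce-${nonce}'`)) ||
      (src !== undefined && sources.includes(src));
    if (!allowed) blocked.push(tag);
  }
  return blocked;
}
```

A policy delivered through `<meta>` ignores the `frame-ancestors`, `report-uri` and `sandbox` directives, so those still need the HTTP response header.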