couchdb-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2238) Do not reference netdna CDN for Font Awesome icons in production
Date Sun, 18 May 2014 22:20:38 GMT


ASF GitHub Bot commented on COUCHDB-2238:

Github user robertkowalski commented on a diff in the pull request:
    --- Diff: src/couchdb/couch_httpd_misc_handlers.erl ---
    @@ -79,6 +80,15 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
     handle_utils_dir_req(Req, _) ->
         send_method_not_allowed(Req, "GET,HEAD").
    +maybe_add_csp_headers(Headers, "false") ->
    +    Headers;
    +maybe_add_csp_headers(Headers, "true") ->
    +    DefaultValues = "default-src 'self'; img-src *; font-src *; " ++
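Review bot: The default policy on the `DefaultValues` line allows `img-src *; font-src *`, so images and fonts can still be fetched from any origin even when CSP is switched on. Since this issue is about no longer loading Font Awesome from the netdna CDN, `font-src 'self'` would match the intended end state, and `img-src` could be narrowed the same way once the UI is confirmed to work. Separately, `maybe_add_csp_headers/2` only has clauses for the strings "true" and "false"; any other second argument raises a function_clause error, so consider an explicit clause for unexpected values that logs them and picks a defined behaviour.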
    --- End diff --
    Good questions! Here are the points I found:
    - Regarding fonts: we are currently loading fonts from a netdna CDN, I want to remove this already in
    - `unsafe-eval`: our dependency lodash needs it for the templating, if I remember right
    - img-src: will have a look again and change it, if everything works
    - style-src: we have a lot of inline styles that we depend on, sometimes it is not that easy to remove them

> Do not reference netdna CDN for Font Awesome icons in production
> ----------------------------------------------------------------
>                 Key: COUCHDB-2238
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Fauxton
>            Reporter: Robert Kowalski
> I just noticed while I was sitting in the train without internet, hacking on Fauxton, that I did not have many icons:
> We are currently referencing Font-Awesome on a CDN in variables.less, which is basically nice, but some users of CouchDB are firewalled at work and can just use the local network.
> Additionally offline people without internet can't use Fauxton then.

This message was sent by Atlassian JIRA
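
The directives discussed in the comment above (`font-src`, `img-src`, `unsafe-eval`, `style-src`) can be checked mechanically. The following is an added example, not code from the pull request or from CouchDB: a small auditor that lists every wildcard or `unsafe-*` source in a policy, including ones inherited from `default-src`. The `script-src` and `style-src` values in the sample policies are assumptions based on the comment, since the diff is cut off after `font-src *`.

```javascript
// Fetch directives that fall back to default-src when they are absent.
const FALLBACK_TO_DEFAULT = ['script-src', 'style-src', 'img-src', 'font-src', 'connect-src'];
const RELAXED_SOURCES = ['*', "'unsafe-eval'", "'unsafe-inline'"];

// Parse "name value value; name value" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return one finding per relaxed source, e.g. "font-src: *".
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const name of FALLBACK_TO_DEFAULT) {
    const explicit = directives.has(name);
    const sources = explicit ? directives.get(name) : directives.get('default-src');
    if (sources === undefined) {
      findings.push(`${name}: unrestricted (no directive and no default-src)`);
      continue;
    }
    for (const src of sources) {
      if (RELAXED_SOURCES.includes(src)) {
        findings.push(`${name}: ${src}${explicit ? '' : ' (inherited from default-src)'}`);
      }
    }
  }
  return findings;
}

// Constructed sample policies. The first three directives of RELAXED are the
// ones visible in the diff; script-src and style-src are assumed from the comment.
const RELAXED = "default-src 'self'; img-src *; font-src *; " +
  "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
// Same policy after fonts and images are served locally (assumed end state).
const TIGHTENED = "default-src 'self'; img-src 'self'; font-src 'self'; " +
  "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";

console.log(auditCsp(RELAXED));
console.log(auditCsp(TIGHTENED));
```

The two findings that remain for the tightened policy are the ones the comment says are hard to remove: lodash templating and inline styles.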
