Page MenuHomeMiraheze

CSP Change Broke ScratchBlocks
Closed, ResolvedPublic

Description

The recent change in how the CSP applies broke the ScratchBlocks extension. This is the error I have in my console-
Content Security Policy: The page's settings blocked the loading of a resource at https://scratchblocks.github.io/js/scratchblocks-v3.5.2-min.js?_=1631021139151 ("script-src").

Event Timeline

Redmin triaged this task as Normal priority.Sep 7 2021, 13:36
Redmin created this task.

Why are we loading external resources & not bundling js?

Added to review column but I'm leaning on a -1 unless there's a reason to not bundle the js & use resource loader

Unknown Object (User) closed this task as Resolved.Sep 7 2021, 17:07
Unknown Object (User) claimed this task.
Unknown Object (User) edited projects, added MediaWiki (SRE); removed CSP Review, Site Reliability Engineering.
Unknown Object (User) moved this task from Deployed Extension Bugs to Actions Needed (Review) on the Extensions board.
Unknown Object (User) moved this task from Backlog to Short Term on the MediaWiki (SRE) board.Sep 7 2021, 17:07
Unknown Object (User) moved this task from Unsorted to Short Term on the Universal Omega board.