Page macro: CSP header directives - duplicate source info #11185
Conversation
|
Even though I feel like this is my fault, and even though I still don't like the I think it would be better in a case like this to have a single page that documents But that's just my opinion really. I'd be happy to hear other views. |
|
@wbamberg Yes, it "hurt" to do this. As per your original justifications, if the sources can ever be different then the duplication makes sense. If the sources will always the same then you could duplicate in each place, or have a single source and link, or have a single source and include (using the macro). Page inclusion is better for the reader because they don't have to jump around for the information I think this could be a single page "CSP Sources" or "CSP Directive Sources". You might argue that having just one page helps readers understand that there really is only one set of possible sources so they only need to read it once. But that's just a convenient justification - my main concern is that this is quite detailed and will be hard to maintain in multiple places. So either link or include, but duplication is risky. |
But they are always the same here, aren't they?
I think this would be better.
Yes, agreed. I think that if we did want to keep some kind of page inclusion, it might be acceptable if we had a more controlled way to do it. For instance maybe we could have /fragments alongside /files, and let But I'm not sure it's worth it. |
|
I'm happy to try redoing this as a linked page, but not until I get back. So let's park this "for now". Re other alternatives, I have used it via fragments before on other systems. This is similarly error prone - yes it tells you that more care needs to be taken, but you still need to do lots of checking, and the one time you don't is the one time it breaks. What might help is if a macro inclusion automatically marked all other including instances as "touched" so that they would all appear in the version to be reviewed. |
hamishwillee
force-pushed
the
pagemacro_http_csp
branch
from
986d4dd
to
10140e2
Compare
|
@wbamberg Howdy! OK, this is my attempt at a single page with cross linking. It removes a lot of additional duplication (previously some things uses page macro inclusion and some just duplicated). I am pretty sure that anything that specified a The new main doc is https://pr11185.content.dev.mdn.mozit.cloud/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources |
files/en-us/web/http/headers/content-security-policy/sources/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/http/headers/content-security-policy/sources/index.md
Outdated
Show resolved
Hide resolved
|
|
||
| {{page("Web/HTTP/Headers/Content-Security-Policy/default-src", "Sources")}} | ||
| Note however that some of the values don't make sense for `base-uri`, such as the keywords `'unsafe-inline'` and `'strict-dynamic'`. |
There was a problem hiding this comment.
I know it already said this, but as a reader I don't like docs that just say "some of... such as". It leave me thinking, which other ones are there? I don't think it should block this PR, but maybe a follow-up issue to list everything that does not apply?
There was a problem hiding this comment.
@wbamberg This text comes from the original version. Yes I agree, but I don't know the exceptions, and it is unlikely to be high priority. I'll add an issue once this merges so "someone" can find out.
There was a problem hiding this comment.
Cheers. Thanks for the help. Tracking issue in #12574
…ndex.md Co-authored-by: wbamberg <[email protected]>
…ndex.md Co-authored-by: wbamberg <[email protected]>
Part of #3196
The CSP headers all (more or less) included the directive information for sources using the page macro. This directly includes the source in each of the relevant pages.
Chose to duplicate rather than link to this material.