-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update react-error-overlay CSP hash #1792
Conversation
Deployed to Cloudflare Pages
|
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #1792 +/- ##
==========================================
- Coverage 81.44% 81.36% -0.08%
==========================================
Files 191 191
Lines 5067 5067
Branches 930 930
==========================================
- Hits 4127 4123 -4
- Misses 940 944 +4
Flags with carried forward coverage won't be shown. Click here to find out more. |
@@ -17,7 +17,7 @@ const localnet = ` | |||
const hmrWebsocket = ` | |||
ws://localhost:2222 | |||
` | |||
const reactErrorOverlay = `'sha256-RV6I4HWPb71LvA27WVD3cEz8GsJrHlfcM/2X2Q5gV00='` | |||
const reactErrorOverlay = `'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk='` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a comment where we can find this ID so everyone is aware of it and also when it changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related: #1609 (comment)
I copy it from chrome console, it's printed on any hot-module-reload when it's broken.
Modified the test so it would now print:
1) [chromium] › csp-react-error-overlay.spec.ts:5:5 › Dev Content-Security-Policy should allow react-error-overlay
Error: expect(received).not.toMatchObject(expected)
Expected: not {"type": "error"}
Received: {"args": [], "location": {"columnNumber": 0, "lineNumber": 2769, "url": "http://localhost:3000/index.2b04b272.js"}, "text": "Refused to execute inline script because it violates the following Content Security Policy directive: \"script-src 'self' 'sha256-RV6I4HWPb71LvA27WVD3cEz8GsJrHlfcM/2X2Q5gV00=' 'unsafe-eval' 'report-sample'\". Either the 'unsafe-inline' keyword, a hash ('sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk='), or a nonce ('nonce-...') is required to enable inline execution.
", "type": "error"}
at ../utils/expectNoErrorsInConsole.ts:37
35 | text: message.text(),
36 | type: message.type(),
> 37 | }).not.toMatchObject({
| ^
38 | type: 'error',
39 | })
40 | }
it's hard to make a prettier output
7547175
to
e695fea
Compare
Broken since 9c7da1a
Note: react-error-overlay only appears during development, and csp-react-error-overlay.spec.ts doesn't test it on CI. Running it locally detects it as broken tho.