Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

docs(ngCsp): update unsafe-eval and unsafe-inline descriptions #15142

Closed
wants to merge 2 commits into from
Closed

docs(ngCsp): update unsafe-eval and unsafe-inline descriptions #15142

wants to merge 2 commits into from

Conversation

davidcigital
Copy link
Contributor

Update description of:

  • Angular conflict with CSP
  • 'unsafe-eval' and 'unsafe-inline' to point out that these are keywords that disables certain default rules (and thereby weakens the CSP).
  • auto-detection of 'unsafe-eval' not allowed

The way it was presented previously was slightly misleading as it indicated that these were rules forbidding certain things, when in fact they're keywords in the CSP that disable the very rules that were described. I hope this update clarifies this better.

@davidcigital
docs(ngCsp): Updated unsafe-eval and unsafe-inline
cbcb6f0 
Update the description of CSP, mainly regarding unsafe-eval and unsafe-inline. The way it was presented previously was slightly misleading as it indicated that these were rules forbidding certain things, when in fact it's a keyword in the CSP that disables the very rule that was described. I hope this updated text clarifies this better.
@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

1 similar comment
@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@davidcigital
Copy link
Contributor Author

I signed it!

@googlebot
Copy link

CLAs look good, thanks!

1 similar comment
@googlebot
Copy link

CLAs look good, thanks!

@davidcigital
docs(ngCsp): remove trailing spaces
b1d2845 
Remove trailing spaces from affected lines to comply with Travis CI rule checks.
@gkalpak gkalpak closed this in b59bc0b Sep 19, 2016
gkalpak pushed a commit that referenced this pull request Sep 19, 2016
@davidcigital @gkalpak
docs(ngCsp): update explanation of CSP rules and how they affect Angular
4745fec 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes #15142
petebacondarwin pushed a commit to petebacondarwin/angular.js that referenced this pull request Nov 21, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
b606e8e 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes angular#15142
petebacondarwin pushed a commit to petebacondarwin/angular.js that referenced this pull request Nov 21, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
db78b30 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes angular#15142
petebacondarwin pushed a commit to petebacondarwin/angular.js that referenced this pull request Nov 21, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
da29969 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes angular#15142
petebacondarwin pushed a commit to petebacondarwin/angular.js that referenced this pull request Nov 21, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
3466c0d 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes angular#15142
petebacondarwin pushed a commit to petebacondarwin/angular.js that referenced this pull request Nov 21, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
77b5cf8 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes angular#15142
petebacondarwin pushed a commit that referenced this pull request Nov 23, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
c5af8d7 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes #15142
petebacondarwin pushed a commit that referenced this pull request Nov 24, 2016
@davidcigital @petebacondarwin
docs(ngCsp): update explanation of CSP rules and how they affect Angular
9ea1e44 
Update the description of CSP, mainly regarding `unsafe-eval` and `unsafe-inline`. The way it was
presented previously was slightly misleading as it indicated that these were rules forbidding
certain things, when in fact it's a keyword in the CSP that disables the very rule that was
described. The updated text clarifies this better.

Closes #15142
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@davidcigital @googlebot