Backmerge: #3627 - Ketcher requires unsafe-eval in order to run, which contradicts content security policy best practises #6269
Hi @MoustaphaCamara Could you please check what is bad with prettier there?
TL;DR: prettier version is too old. In version 3+, prettier ignores files added to The current
I think yes, it would be preferable to have a separate PR for that.
Seems good to me, I've updated the ignore files for the current PR @rrodionov91.
…ts content security policy best practises (#6269)
This change uses ajv-cli to pre-compile the validation schema to allow running Ketcher under restrictive CSP header.
- pre-compile schema on dev mode
- prettier ignore compiled schema
How the feature works? / How did you fix the issue?
Fix the issue mentioned in:
Supersedes:
Referring to rrodionov91's comment, it was preferred to provide a solution using ajv, to avoid switching to jsonschema.
This PR uses ajv-cli to pre-compile the validation schema and allow Ketcher to run under a restrictive CSP header.
Ajv is removed from ketcher-core dependencies as not used anymore, replaced by ajv-cli only.
Ajv persists in ketcher-react as it is used and doesn't need pre-compilation.
This change has been successfully used in production without any issues. Please consider merging this change so all projects with restrictive Content Security Policies can also benefit from this excellent piece of software. =)
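An added example, not code from this PR, Ketcher or ajv: it shows why compiling a validator from a string at runtime fails where code generation from strings is blocked, while the same validator shipped as a pre-generated script still runs. Node's `vm` `codeGeneration` option stands in for a page served without `'unsafe-eval'`; the schema, `generateValidatorSource` and the file name `validate.generated.js` are hypothetical.

```javascript
const vm = require('node:vm');

// Constructed sample schema (not Ketcher's real schema).
const schema = { required: ['root'], properties: { root: 'object', name: 'string' } };

// Hypothetical code generator: turns the schema into validator source text,
// the kind of output a build-time schema compiler writes to a file.
function generateValidatorSource(s) {
  const checks = [
    ...s.required.map((k) => `if (!(${JSON.stringify(k)} in d)) return false;`),
    ...Object.entries(s.properties).map(([k, t]) =>
      `if (${JSON.stringify(k)} in d && typeof d[${JSON.stringify(k)}] !== ${JSON.stringify(t)}) return false;`),
  ];
  return `if (typeof d !== 'object' || d === null) return false;\n${checks.join('\n')}\nreturn true;`;
}

// Context in which eval and new Function throw EvalError, used here as a
// stand-in for a browser page whose CSP omits 'unsafe-eval'.
function restrictedContext(globals) {
  return vm.createContext({ ...globals }, { codeGeneration: { strings: false, wasm: false } });
}

// Runtime compilation: the page itself calls new Function on generated source.
function runtimeCompile(sample) {
  const ctx = restrictedContext({ src: generateValidatorSource(schema), sample });
  try {
    return { ok: true, valid: vm.runInContext('new Function("d", src)(sample)', ctx) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Pre-compilation: the generated source is loaded as an ordinary script, so
// the page only calls an existing function and never evaluates a string.
function precompiled(sample) {
  const file = `function validate(d) {\n${generateValidatorSource(schema)}\n}`;
  const ctx = restrictedContext({ sample });
  vm.runInContext(file, ctx, { filename: 'validate.generated.js' });
  return { ok: true, valid: vm.runInContext('validate(sample)', ctx) };
}

console.log(runtimeCompile({ root: {} }));             // blocked
console.log(precompiled({ root: {}, name: 'sample' })); // runs, valid
console.log(precompiled({ name: 42 }));                 // runs, invalid
```

In a browser the blocked case shows up as a CSP violation on `script-src`, which is a quick way to confirm whether a bundle still contains a runtime-compiling validator.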