Comments (6)
hmm, if I understand their docs correctly then strict
should be as safe as the sandbox
mode, but the sandbox
mode would potentially enable a few more features. given all that, I guess strict
should work fine for us.
from crates.io.
Refused to frame '' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
I think this might be the relevant error in the dev tools.
To answer your questions: Yes, it is live in production. No, I personally hadn't tested it on production yet. Yes, it is broken... 😅
It looks like the reason why it works in development mode but not production is (yet again) our Content Security Policy header, which is set by nginx, which is not running in frontend development mode 🙈
@ToBinio do you have time to take a look at this? first step would be to try and reproduce this locally, and then find a CSP header that allows the mermaid stuff to render correctly.
from crates.io.
Shure, I can try.
But I will only be able to do something in the evening.
another note:
could it be that because the rendered README's get stored. the old ones like natural-xml-diff
don't get mermaid support?
if so, these should probaly get rerendered
from crates.io.
@Turbo87 @ToBinio Thank you for the quick response. Please let me know if I can support you in any way.
from crates.io.
I discovered a new problem... mermaid did not work on my local machine even without the CSP header. Why? firefox...
not sure why but I wasn't able to get the sandbox
mode running with Firefox (with Chrome everything was fine)
so I didn't really play around with the CSP header any longer.
a fix for both would be to use strict
mode instead of sandbox
. this worked with the CSP header and on Firefox
note:
sandbox is still in beta
from crates.io.
Thank you for fixing it! It does render now!
from crates.io.
Related Issues (20)
- crates.io's TOML snippet with metadata produces warnings when used in `Cargo.toml` HOT 2
- Download graphs not starting at y=0
- `recent_crate_downloads` materialised view is not refreshed with the new download counting implementation HOT 1
- 'Browse All Crates' results in `Something Went Wrong!' HOT 1
- API token expiry warning emails HOT 5
- Name squatting: Can't find current owner's contact info HOT 2
- Tracking Issue for Packages as (optional) namespaces HOT 3
- README example rendering doesn't hide lines HOT 2
- An internal server error on crates.io website HOT 1
- Remove usage of EmberJS in the front-end? HOT 3
- Status 403 Forbidden HOT 1
- Image rendered wrongly HOT 3
- Crates with paths differing only by case are allowed HOT 2
- Unable to add owner via CLI; kinda works via web HOT 4
- GitHub special Markdown blocks aren't rendered in README section
- Policy page is missing indentation, changing its meaning HOT 1
- Failed to log in: Error obtaining token after logging out HOT 9
- Broken CONTRIBUTING link for crate `cargo-cyclonedx` HOT 8
- creates-io team outbound link, on the footer of creates.io - 404 not found at target
- internal server error when searching "using" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crates.io.