Avoid in-line JavaScript
allanbowe opened this issue ยท comments
Allan Bowe commented
Currently the SASjs Config attributes are loaded in some inline-JS in the index.html
This will break for sites with secure CSP (Content-Security Policy) settings.
As best practice, our apps should work with strict CSP - so instead we should fetch the Config attributes from special HTML tags, eg:
<my-app
serverUrl=""
appLoc="/apps/appName"
serverType="SASJS"
loginMechanism="Default"
debug="false"
useComputeApi="true"
contextName="MyApp compute context"
></my-app>
SASjs Bot commented
๐ This issue has been resolved in version 1.1.0 ๐
The release is available on:
- GitHub release
v1.1.0
Your semantic-release bot ๐ฆ๐