@Josh, I already have TDJ working with the <meta CSP> tag. The only thing that doesn't work for me is access to GitHub to see the source code of the pages. What do we do with this?
Hiedra

-----Original Message-----
From: Josh Tynjala <joshtynj...@bowlerhat.dev>
Sent: Wednesday, March 12, 2025 20:38
To: dev@royale.apache.org
Subject: Re: [apache/royale-asjs] Apache Royale Tour de Jewel - broken (Issue #1252)

I'll help you with the testing.

I suspect that I'll need to add another similar compiler option for
including arbitrary asset files with a SWC, like fonts or images. I'm
also considering adding metadata or something that associates an asset
with a specific class, so that we have an option that works similarly to
<inject_script>. Currently, -js-include-script and -js-include-css apply
to the entire SWC, even if someone wants to use only classes from the SWC
that don't need the script/css. For example, we should support a way to
say that a script/css is associated with TabBarView.as only, but not any
other classes in the SWC. It's more PAYG.

--
Josh Tynjala
Bowler Hat LLC
https://bowlerhat.dev/

On Wed, Mar 12, 2025 at 10:33 AM Maria Jose Esteve <mjest...@iest.com> wrote:

> Ok, I'll check it.
> Hahahaha, this change is too much to include in the repository without
> a good battery of tests and consensus, right?
> Yesterday, instead of the meta tag, I "removed the network cable" :P
>
> Hiedra
>
> -----Original Message-----
> From: Josh Tynjala <joshtynj...@bowlerhat.dev>
> Sent: Wednesday, March 12, 2025 18:03
> To: dev@royale.apache.org
> Subject: Re: [apache/royale-asjs] Apache Royale Tour de Jewel - broken
> (Issue #1252)
>
> Hi Hiedra,
>
> In order to test this properly, we need to create an environment
> similar to the royale.apache.org site. The backend sends a
> Content-Security-Policy header, which is causing this issue with
> third-party resources getting blocked.
>
> When testing locally on our own computers, we can simulate the same
> Content-Security-Policy header by adding the following <meta> tag to
> the HTML file.
>
> <meta http-equiv="Content-Security-Policy" content="default-src 'self'
> data: blob: 'unsafe-inline' https://www.apachecon.com/
> https://www.communityovercode.org/ https://analytics.apache.org/;
> script-src 'self' 'unsafe-inline' 'unsafe-eval'
> https://analytics.apache.org/ https://www.apachecon.com/; style-src 'self'
> 'unsafe-inline' data:; frame-ancestors 'self'; frame-src 'self' data:
> blob:; img-src 'self' data: https://*.apache.org/
> https://www.apachecon.com/; worker-src 'self' data: blob:;">
>
> For TourDeJewel, we can add the <meta> tag to the following template
> file to ensure that it gets included in the generated index.html file:
>
> https://github.com/apache/royale-asjs/blob/examples/TDJ_localresources/examples/jewel/TourDeJewel/src/main/resources/jewel-example-index-template.html
>
> However, you should not commit this change to the repo. I'm suggesting
> this merely for testing locally to better simulate the environment on
> royale.apache.org.
>
> --
> Josh Tynjala
> Bowler Hat LLC
> https://bowlerhat.dev/
>
> On Tue, Mar 11, 2025 at 5:55 AM Maria Jose Esteve <mjest...@iest.com>
> wrote:
>
> > First step done. I've included web-animations.min.js in Jewel's swc
> > and modified the TabBarView.as class. I've compiled royale-asjs with
> > Maven and ant and then tested TDJ and everything works as expected.
> > Can someone else try compiling the “examples/TDJ_localresources”
> > branch and verify that there are no issues before merging it into
> > develop?
> >
> > Thx
> >
> > Hiedra
> >
> > From: Josh Tynjala <notificati...@github.com>
> > Sent: Tuesday, March 4, 2025 17:45
> > To: apache/royale-asjs <royale-a...@noreply.github.com>
> > CC: Maria Jose Esteve <mjest...@iest.com>; Comment <comm...@noreply.github.com>
> > Subject: Re: [apache/royale-asjs] Apache Royale Tour de Jewel -
> > broken (Issue #1252)
> >
> > As an example, Jewel's TabBarView contains the following
> > <inject_script> that links to a JS library on Cloudflare. That's not
> > going to work anymore.
> >
> > <inject_script>
> > var script = document.createElement("script");
> > script.setAttribute("src", "https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js");
> > document.head.appendChild(script);
> > </inject_script>
> >
> > We're going to need to change TabBarView (and any other classes in
> > royale-asjs that use <inject_script> to load files from CDNs) to
> > provide that script file in a different way.
> >
> > I recently added a -js-include-script option to royale-compiler.
> > That's probably our best bet. It includes the .js file in the .swc
> > file (or in the compiled app), and it automatically adds a <script>
> > tag to the .html file.
> >
> > In Jewel, we might use it like this (assuming that
> > web-animations.min.js is added to our repo at that location):
> >
> > -js-include-script+=src/main/assembly/scripts/web-animations.min.js
> >
> > That means that we'll need to include web-animations.min.js in the
> > Royale distribution. Hopefully, all of the scripts that we're
> > referencing have compatible licenses that the ASF accepts.
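
Why the CDN-hosted script from TabBarView's <inject_script> is refused under the policy quoted in the thread, while a script bundled with the app still loads: the following is an added example, not code from the thread or from the Royale project. It uses simplified CSP source matching (not the full CSP3 algorithm), and the page URL and the relative path of the bundled script are assumptions.

```javascript
// Policy copied from the <meta> tag quoted in the thread.
const POLICY = "default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ " +
  "https://www.communityovercode.org/ https://analytics.apache.org/; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/; " +
  "style-src 'self' 'unsafe-inline' data:; frame-ancestors 'self'; frame-src 'self' data: blob:; " +
  "img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/; worker-src 'self' data: blob:;";

// Split a policy string into { directive: [source, ...] }; the first occurrence of a directive wins.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in directives)) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Simplified matching: 'self', scheme sources (data:, blob:), and host sources
// with an optional scheme, leading "*." wildcard and path prefix. Ports are ignored.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  if (source.startsWith("'")) return false; // keywords such as 'unsafe-inline' never allow a URL load
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::\d+)?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, path] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const hostOk = wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
  return hostOk && (!path || url.pathname.startsWith(path));
}

// A <script src> load is governed by script-src-elem, else script-src, else default-src.
function scriptLoadAllowed(policy, scriptUrl, pageUrl) {
  const d = parsePolicy(policy);
  const sources = d["script-src-elem"] || d["script-src"] || d["default-src"];
  if (!sources) return true; // no governing directive, so nothing restricts the load
  const page = new URL(pageUrl);
  const url = new URL(scriptUrl, page); // relative URLs resolve against the page
  return sources.some((s) => sourceMatches(s, url, page.origin));
}

// Assumed page URL and bundled-script path, for illustration only.
const PAGE = "https://royale.apache.org/tourdejewel/index.html";
const CDN = "https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js";
console.log("CDN script allowed:", scriptLoadAllowed(POLICY, CDN, PAGE));
console.log("bundled script allowed:", scriptLoadAllowed(POLICY, "scripts/web-animations.min.js", PAGE));
```
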