Hi Hiedra, In order to test this properly, we need to create an environment similar to the royale.apache.org site. The backend sends a Content-Security-Policy header, which is causing this issue with third-party resources getting blocked.
When testing locally on our own computers, we can simulate the same Content-Security-Policy header by adding the following <meta> tag to the HTML file. <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ https://www.communityovercode.org/ https://analytics.apache.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/; style-src 'self' 'unsafe-inline' data:; frame-ancestors 'self'; frame-src 'self' data: blob:; img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/; worker-src 'self' data: blob:;"> For TourDeJewel, we can add the <meta> tag to the following template file to ensure that it gets included in the generated index.html file: https://github.com/apache/royale-asjs/blob/examples/TDJ_localresources/examples/jewel/TourDeJewel/src/main/resources/jewel-example-index-template.html However, you should not commit this change to the repo. I'm suggesting this merely for testing locally to better simulate the environment on royale.apache.org. -- Josh Tynjala Bowler Hat LLC https://bowlerhat.dev/ On Tue, Mar 11, 2025 at 5:55 AM Maria Jose Esteve <mjest...@iest.com> wrote: > First step done. I've included web-animations.min.js in Jewel's swc and > modified the TabBarView.as class > I've compiled royale-asjs with Maven and ant and then tested TDJ and > everything works as expected. Can someone else try compiling the > “examples/TDJ_localresources” branch and verify that there are no issues > before merging it into develop? > > Thx > > Hiedra > > De: Josh Tynjala <notificati...@github.com> > Enviado el: martes, 4 de marzo de 2025 17:45 > Para: apache/royale-asjs <royale-a...@noreply.github.com> > CC: Maria Jose Esteve <mjest...@iest.com>; Comment < > comm...@noreply.github.com> > Asunto: Re: [apache/royale-asjs] Apache Royale Tour de Jewel - broken > (Issue #1252) > > > As an example, Jewel's TabBarView contains the following <inject_script> > that links to a JS library on Cloudflare. That's not going to work anymore. > > <inject_script> > > var script = document.createElement("script"); > > script.setAttribute("src", " > https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js > "); > > document.head.appendChild(script); > > </inject_script> > > We're going to need to change TabBarView (and any other classes in > royale-asjs that use <inject_script> to load files from CDNs) to provide > that script file in a different way. > > I recently added a -js-include-script option to royale-compiler. That's > probably our best bet. It includes the .js file in the .swc file (or in the > compiled app), and it automatically adds a <script> tag to the .html file. > > In Jewel, we might use it like this (assuming that web-animations.min.js > is added to our repo at that location): > > -js-include-script+=src/main/assembly/scripts/web-animations.min.js > > That means that we'll need to include web-animations.min.js in the Royale > distribution. Hopefully, all of the scripts that we're referencing have > compatible licenses that the ASF accepts. > > — > Reply to this email directly, view it on GitHub< > https://github.com/apache/royale-asjs/issues/1252#issuecomment-2698298577>, > or unsubscribe< > https://github.com/notifications/unsubscribe-auth/ANJL3U4PT7OIPW7D5EVNUED2SXJ7DAVCNFSM6AAAAABWNZIIOCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMOJYGI4TQNJXG4 > >. > You are receiving this because you commented.Message ID: > <apache/royale-asjs/issues/1252/2698298...@github.com<mailto:apache > /royale-asjs/issues/1252/2698298...@github.com>> > [joshtynjala]joshtynjala left a comment (apache/royale-asjs#1252)< > https://github.com/apache/royale-asjs/issues/1252#issuecomment-2698298577> > > As an example, Jewel's TabBarView contains the following <inject_script> > that links to a JS library on Cloudflare. That's not going to work anymore. > > <inject_script> > > var script = document.createElement("script"); > > script.setAttribute("src", " > https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js > "); > > document.head.appendChild(script); > > </inject_script> > > We're going to need to change TabBarView (and any other classes in > royale-asjs that use <inject_script> to load files from CDNs) to provide > that script file in a different way. > > I recently added a -js-include-script option to royale-compiler. That's > probably our best bet. It includes the .js file in the .swc file (or in the > compiled app), and it automatically adds a <script> tag to the .html file. > > In Jewel, we might use it like this (assuming that web-animations.min.js > is added to our repo at that location): > > -js-include-script+=src/main/assembly/scripts/web-animations.min.js > > That means that we'll need to include web-animations.min.js in the Royale > distribution. Hopefully, all of the scripts that we're referencing have > compatible licenses that the ASF accepts. > > — > Reply to this email directly, view it on GitHub< > https://github.com/apache/royale-asjs/issues/1252#issuecomment-2698298577>, > or unsubscribe< > https://github.com/notifications/unsubscribe-auth/ANJL3U4PT7OIPW7D5EVNUED2SXJ7DAVCNFSM6AAAAABWNZIIOCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMOJYGI4TQNJXG4 > >. > You are receiving this because you commented.Message ID: > <apache/royale-asjs/issues/1252/2698298...@github.com<mailto:apache > /royale-asjs/issues/1252/2698298...@github.com>> >
