// Add unsafe-eval to the content security policy for faster source maps in development mode
devCSP:=""
ifmodel.BuildNumber=="dev" {
devCSP+=" 'unsafe-eval'"
}
// Add unsafe-inline to unlock extensions like React & Redux DevTools in Firefox
// see https://github.com/reduxjs/redux-devtools/issues/380
ifmodel.BuildNumber=="dev" {
devCSP+=" 'unsafe-inline'"
}
Let’s key this off the ServiceSetings.EnableDeveloper mode instead. I'm in a situation where I'd love to be able to debug a plugin on a non-dev-built server (specifically, https://subpath.test.mattermost.com/) but can't deploy a debug build given these constraints. (And can't realistically deploy a custom server build.)
Today we allow the
unsafe-evalandunsafe-inlineCSP directives only when the server was compiled as a developer build:mattermost-server/web/handlers.go
Lines 177 to 187 in ddfa6e2
Let’s key this off the
ServiceSetings.EnableDevelopermode instead. I'm in a situation where I'd love to be able to debug a plugin on a non-dev-built server (specifically, https://subpath.test.mattermost.com/) but can't deploy a debug build given these constraints. (And can't realistically deploy a custom server build.)Issue created from a message in Mattermost.
If you're interested please comment here and come join our "Contributors" community channel on our daily build server, where you can discuss questions with community members and the Mattermost core team. For technical advice or questions, please join our "Developers" community channel.
New contributors please see our Developer's Guide.
JIRA: https://mattermost.atlassian.net/browse/MM-38177
The text was updated successfully, but these errors were encountered: