• Tags
  • Documentation
  • Order
  • Register
  • Login
Duet3D Logo Duet3D
  • Tags
  • Documentation
  • Order
  • Register
  • Login

Please remove inline styling from DWC

Scheduled Pinned Locked Moved
Duet Web Control
2
4
348
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • undefined
    Nxt-1
    last edited by 8 May 2022, 21:55

    I just took the time to upgrade to the RRF3.4 softwarebundle and after upgrading I noticed some parts of DWC look weird. A quick look in the chrome development console explained what was going on: certain styles are being blocked.

    To give some context, my Duet sits bevind a reverse proxy and part of security measures is the content security policy header (= CSP). This is a system that lets you control what scripts (eg JS and CSS) are allowed to be loaded on your site.
    A part of normal CSP behaviour is blocking all inline scripts. This didn't use to be an issue since DWC propery separated it's scripts, but it seems like since DWC 3.4 this is no longer the case in some spots. My chrome reports index.tx:169, index.ts:73 and Cart.js:7716 as violations.

    For now, I have allowed the specific hashes of the files in my CSP header to have a workaround. Yet this is far from idial as it is clunky and the files are bound to change in the future, requiring manual intervention each time.

    I hope this can be fixed.

    -Nxt

    Duet3D and delta printer enthousiast. Buildlog
    Looking for Duet3D configuration support, check out Nxt-3D

    undefined 1 Reply Last reply 9 May 2022, 08:48 Reply Quote 1
    • undefined
      chrishamm administrators @Nxt-1
      last edited by 9 May 2022, 08:48

      @nxt-1 There is no static inline style in DWC but there are four references to dynamic styles in DWC where CSS properties are computed via JavaScript.

      Are you sure these violations originate from DWC? I'm asking because none of the files are present in the DWC sources.

      Duet software engineer

      undefined 1 Reply Last reply 10 May 2022, 21:56 Reply Quote 0
      • undefined
        Nxt-1 @chrishamm
        last edited by 10 May 2022, 21:56

        @chrishamm I guess they are new or updated dependencies that DWC uses. I am not sure how I can find out what they belong to appart from the two screenshots I've added that seem to show somewhat of a path?
        index.PNG
        chart.PNG

        Duet3D and delta printer enthousiast. Buildlog
        Looking for Duet3D configuration support, check out Nxt-3D

        undefined 1 Reply Last reply 11 May 2022, 08:36 Reply Quote 1
        • undefined
          chrishamm administrators @Nxt-1
          last edited by 11 May 2022, 08:36

          @nxt-1 Right, that's a dependency of DWC and it's used by the temp+layer charts and the IS+CL plugins. I'll check if I can upgrade that one as part of DWC 3.5.

          Duet software engineer

          1 Reply Last reply Reply Quote 1
          4 out of 4
          • First post
            4/4
            Last post
          Unless otherwise noted, all forum content is licensed under CC-BY-SA