Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    Please remove inline styling from DWC

    Scheduled Pinned Locked Moved
    Duet Web Control
    2
    4
    348
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Nxt-1undefined
      Nxt-1
      last edited by

      I just took the time to upgrade to the RRF3.4 softwarebundle and after upgrading I noticed some parts of DWC look weird. A quick look in the chrome development console explained what was going on: certain styles are being blocked.

      To give some context, my Duet sits bevind a reverse proxy and part of security measures is the content security policy header (= CSP). This is a system that lets you control what scripts (eg JS and CSS) are allowed to be loaded on your site.
      A part of normal CSP behaviour is blocking all inline scripts. This didn't use to be an issue since DWC propery separated it's scripts, but it seems like since DWC 3.4 this is no longer the case in some spots. My chrome reports index.tx:169, index.ts:73 and Cart.js:7716 as violations.

      For now, I have allowed the specific hashes of the files in my CSP header to have a workaround. Yet this is far from idial as it is clunky and the files are bound to change in the future, requiring manual intervention each time.

      I hope this can be fixed.

      -Nxt

      Duet3D and delta printer enthousiast. Buildlog
      Looking for Duet3D configuration support, check out Nxt-3D

      chrishammundefined 1 Reply Last reply Reply Quote 1
      • chrishammundefined
        chrishamm administrators @Nxt-1
        last edited by

        @nxt-1 There is no static inline style in DWC but there are four references to dynamic styles in DWC where CSS properties are computed via JavaScript.

        Are you sure these violations originate from DWC? I'm asking because none of the files are present in the DWC sources.

        Duet software engineer

        Nxt-1undefined 1 Reply Last reply Reply Quote 0
        • Nxt-1undefined
          Nxt-1 @chrishamm
          last edited by

          @chrishamm I guess they are new or updated dependencies that DWC uses. I am not sure how I can find out what they belong to appart from the two screenshots I've added that seem to show somewhat of a path?
          index.PNG
          chart.PNG

          Duet3D and delta printer enthousiast. Buildlog
          Looking for Duet3D configuration support, check out Nxt-3D

          chrishammundefined 1 Reply Last reply Reply Quote 1
          • chrishammundefined
            chrishamm administrators @Nxt-1
            last edited by

            @nxt-1 Right, that's a dependency of DWC and it's used by the temp+layer charts and the IS+CL plugins. I'll check if I can upgrade that one as part of DWC 3.5.

            Duet software engineer

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Unless otherwise noted, all forum content is licensed under CC-BY-SA