severfire Comments - Answer Overflow

Its Livewire and AlpineJS limitation, seems like. quoting Dan: "unsafe-eval, inline styles, etc working because Livewire does not support CSP" --> so seems like we would need to join Livewire CSP effort, or do workaround

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

there was also some conversation on reddit regarding this issue, that many programmers / companies don't go with filament because of this issue

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

or, if there is one person that could for sure do it, I wonder if we could do some crowdfunding for him - i for sure could give some amont of money if he could deliver 🙂

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

I wonder if we should look for people who tried doing it before, if they could help us with their findings. The problem is - i think - we weren't working on this all together

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

@Mike some research I just made: https://x.com/calebporzio/status/1743092509872443581 https://github.com/livewire/livewire/discussions/6113 may be useful

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

thank you @Mike

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

@Mike If you would have github repository branch to show of this, I would appreciate to learn how you resolved some things 🙂 thanks!

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

Anyhow, thank you all for uselful information

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

ah, right, sorry, you're right - Livewire was regarding my notion about vue

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

To bad there is no easy workaround / hack for it ;-D something out of the box

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

if it would use it, yet if there is issue with Livewire then it is additional barrier

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

I see, thank you for information, Yes, I saw AlpineJS CSP version, and Filament would require some work regarding it

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

I understand, then we would need to wait for CSP capable version of Livewire for this feature to be available.

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

@Dan Harrin Thank you for information. Sorry to hear so many pepole failed. Maybe it would be good to chose vue in v5? Hmm.. If time allows I will try to work on v4 - I wonder if I will be able to make it. Otherwise I wonder then how could I protect better my app in v3 then, do you have workaround for this or best practices? If clients ask me for CSP I wonder what should I tell them about filament v3 and CSP

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

I work on v3 now but i could work on v4 filament as well - as now v3 is my priority as my app uses it, the one i need CSP to work with 😄

38 replies

FFilament

•Created by Mike on 9/13/2024 in #❓┊help

Implementing Content Security Policy Headers

38 replies

Gaming

Programming