Module#run methods are run before ng-csp takes effect #2963
Comments
|
I also just hit this. Ping @mhevery @IgorMinar @btford et al. can this be triaged? |
|
I ended up using a decorator to get this working instead of a run method, but it would be great to do something around this. |
|
@boushley Would you be able to share a link to your decorator? |
|
I just used: |
|
Thanks a lot @boushley, that did the trick for me too. |
|
This is still broken by default and I couldn't get it working with the decorator patch posted above? Any plans to fix ngCSP to work? I am just starting and don't have a great understanding of the inner workings yet. |
|
@digitarald you have to put the snippet above inside a config function like this: angular.module('yourModule')
.config(function ($provide) {
$provide.decorator('$sniffer', ['$delegate', function ($sniffer) {
$sniffer.csp = true;
return $sniffer;
}]);
})Hope this helps. |
|
@Skivvies thank you, that worked after all. But it still defeats the purpose of ng-csp; which obviously isn't working. |
|
I wasn't (and I don't think @Skivvies was) suggesting that the decorator workaround is a solution. It's just a workaround until something in angular get's changed. If you look at the code for $sniffer it says it's internal and to keep your hands off, essentially, but this works for now. |
|
No blaming intended on my side! I am glad the workaround is working for now, even though it uses internals and isn't future proof. I just wanted raise awareness and priority for this bug which renders |
|
My guess is that this is going to be a tough cookie to solve. I've been reading through some of the Angular internals and it might be pretty hard to get this ordered correctly. |
|
I'm trying to use http://developer.chrome.com/apps with 1.2.0-rc.3 and I'm having this issue. Maybe just check for |
When we refactored , we broke the csp mode because the previous implementation relied on the fact that it was ok to lazy initialize the .csp property, this is not the case any more. Besides, we need to know about csp mode during bootstrap and avoid injecting the stylesheet when csp is active, so I refactored the code to fix both issues. PR angular#4411 will follow up on this commit and add more improvements. Closes angular#917 Closes angular#2963 Closes angular#4394 Closes angular#4444 BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not supported any more. Please use data-ng-csp instead.
When we refactored , we broke the csp mode because the previous implementation relied on the fact that it was ok to lazy initialize the .csp property, this is not the case any more. Besides, we need to know about csp mode during bootstrap and avoid injecting the stylesheet when csp is active, so I refactored the code to fix both issues. PR angular#4411 will follow up on this commit and add more improvements. Closes angular#917 Closes angular#2963 Closes angular#4394 Closes angular#4444 BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not supported any more. Please use data-ng-csp instead.
When we refactored , we broke the csp mode because the previous implementation relied on the fact that it was ok to lazy initialize the .csp property, this is not the case any more. Besides, we need to know about csp mode during bootstrap and avoid injecting the stylesheet when csp is active, so I refactored the code to fix both issues. PR angular#4411 will follow up on this commit and add more improvements. Closes angular#917 Closes angular#2963 Closes angular#4394 Closes angular#4444 BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not supported any more. Please use data-ng-csp instead.
Right now if I have a module.run() that triggers the getterFn logic inside of Angular it is occuring before the ng-csp directive can take effect. So the Function constructor function is returned and used, and the initialization stops form the CSP error.
I'm able to work around this for now by adding another module.run method prior that has the $sniffer injected and sets $sniffer.csp to true.
It would be great if the module.run methods were invoked after ng-csp took effect. Alternatively it seems like it would be better to inject the $snifferProvider into the module config and be able to tell it to turn on CSP.
Is there a suggested direction for how you would want to solve this?
The text was updated successfully, but these errors were encountered: