Sandbox directive settings in the application security policy header?

U019JM2HE7N Posts: 61 🧑🏻‍🚀 - Cadet
edited May 2023 in Help

Hi all, does anyone have an explanation for the current sandbox directive settings in the application security policy header in Yves?
https://github.com/spryker/application/commit/92aaf096966a0724e726c6744533f900a924316d

It does not look ideal, since Google Chrome, for example, triggers a warning in the developer console for the usage of the combination ‘allow-scripts’ and ‘allow-same-origin’.
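
A check for the combination named in the question, as an added example that is not part of the original thread and is not Spryker's code: it parses a Content-Security-Policy header value and flags a `sandbox` directive that carries both `allow-scripts` and `allow-same-origin`. The header strings and function names are constructed for illustration.

```javascript
// Added example, not Spryker code. Header values below are constructed samples.

// Split one serialized policy into a Map of directive name -> token list.
// Directive names are case-insensitive, and a repeated directive is ignored
// (the first occurrence wins).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A header value may carry several policies separated by commas.
// Returns one finding per policy.
function auditSandbox(headerValue) {
  return headerValue.split(",").map((policy, index) => {
    const directives = parsePolicy(policy);
    if (!directives.has("sandbox")) {
      return { policy: index, sandboxed: false, flags: [], risky: false };
    }
    // Sandbox flags are matched case-insensitively.
    const flags = directives.get("sandbox").map((t) => t.toLowerCase());
    const risky =
      flags.includes("allow-scripts") && flags.includes("allow-same-origin");
    return { policy: index, sandboxed: true, flags, risky };
  });
}

// Constructed sample values (not taken from the linked commit).
const SAMPLE_FLAGGED =
  "default-src 'self'; sandbox allow-forms allow-scripts allow-same-origin";
const SAMPLE_OK = "default-src 'self'; sandbox allow-forms allow-scripts";

for (const header of [SAMPLE_FLAGGED, SAMPLE_OK]) {
  console.log(JSON.stringify(auditSandbox(header)));
}
```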

Comments

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,084 ⚖️ - Guardians (admin)

    Hey, can you send an example of the warning?

  • U019JM2HE7N
    U019JM2HE7N Posts: 61 🧑🏻‍🚀 - Cadet

    The warning is visible in the linked image or across all demoshops via Google Chrome Developer Console (e.g. https://www.de.suite-nonsplit.demo-spryker.com/).

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,084 ⚖️ - Guardians (admin)

    Ah sorry, I am just blind. The big preview image of GitHub took all my focus.

  • U019JM2HE7N
    U019JM2HE7N Posts: 61 🧑🏻‍🚀 - Cadet

    @florian.scholz could you find any reason why Spryker adds both sandbox directives mentioned in the warning?

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,084 ⚖️ - Guardians (admin)

    Hey, I will try to push the team again. I did not receive any answer yet.

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,084 ⚖️ - Guardians (admin)

    Maybe it could also help if you create an issue via the customer-portal to increase the prio. (Would be cool if you ping me once you did it so I can tell the CSM to link it.)

  • U019JM2HE7N
    U019JM2HE7N Posts: 61 🧑🏻‍🚀 - Cadet

    Thanks, @florian.scholz, I've created a ticket (case number: 00049369).