Comments (11)
That appears to be in a part of F2 v1 that included the easyXDM library. That was removed entirely in v2 of F2. v1 had some alternative builds that didn't include certain components depending on how F2 was being used. Those are called out over here https://github.com/OpenF2/F2/wiki/F2-Packages If that doesn't help, then I think you'll need to look at migrating to v2.
from f2.
Hi @rishabh-jain389 - a few questions:
- Do you have any examples or code samples you could share to reproduce the issue?
- Does the app you are creating make use of the
inlines
property of theAppManifest
? https://openf2.github.io/F2/app-development.html#inline-scripts - Have you taken a look at migrating to V2? https://openf2.github.io/F2/migrating-to-v2.html
I would imagine it would be impossible to add CSP support to V1 without a breaking change. Likewise it may be impossible to do the same in V2 as the inlines
property still remains in that version. We'd really need to see the use case to be able to suggest alternatives that may work with CSP.
Thanks-
from f2.
Hi Brian,
- Do you have any examples or code samples you could share to reproduce the issue?
Ans -
If I remove open-f2 library then this error/code-snippet doesn't appear so that is how I come up with a issue in open-f2.
- Does the app you are creating make use of the inlines property of the AppManifest?
Ans -
- Have you taken a look at migrating to V2?
Ans - Yes tried it but it is breaking our whole app.
Thanks
from f2.
Thanks, Brian for the information, Please confirm that v2 is compatible with React 16 and Angular 12?
from f2.
F2 is itself framework agnostic. F2 v1 had things like jQuery, jQuery UI, easyXDM bundled inside of it (in a closure) where as v2 drops all of those things and uses vanilla javascript where possible. v2 is considerably smaller than v1 and removed the things that were more than likely not used out of v1.
from f2.
Hi @brianbaker ,
I tried to use all three alternative builds no-easyXDM.js, no-bootstrap.js, and no-jquery-or-no-bootstrap.js. I found errors in all three libraries. see below screenshots:
no-bootstrap.js
Same error was found in this library as mentioned above related to 'use-inline
Please confirm if these libraries are error-free.
Thanks
from f2.
As it states on the [https://github.com/OpenF2/F2/wiki/F2-Packages](Packages wiki):
"They are ideally used when, for example, a container already has jQuery or sandboxed apps aren't needed."
So the use of the packages depends on what you already have on the page. Using no-jquery-or-bootstrap
on a page that doesn't already have jQuery on it will error out. The only one that may have worked would be the no-easyXDM
...
I think you're probably looking for something that can't happen.
F2 v1 was developed in a time when the Content Security Policy was really just getting started. The "new" browsers at the time like Firefox or Chrome supported parts of it but IE certainly did not. (We were still supporting IE 8 back then) I just don't think F2 v1 (or maybe even v2) is fundamentally compatible with CSP, especially given that how tight you lock down the page can vary from page to page. You will have to make concessions in your policies.
from f2.
Hi @brianbaker ,
We have migration problems from V1.4.5 to V2.
In V1 F2 works fine with the Angular app inside <iframe> but iframes aren't used in V2 anymore. How it should work without iframes? Our application isn't rendering inside F2 app now so we need to understand what we can change in settings.
Do you have any proper migration docs or valid examples for V2? This page has insufficient documentation https://openf2.github.io/F2/migrating-to-v2.html.
Thank!
from f2.
I think we would need an example or some code snippets of what you have implemented. It sounds like you need your app to run in an iframe because its javascript/css/etc. conflict with the parent page and not because of security purposes.
The "Secure Apps" that were in V1 were there as a security feature - if a container developer/owner wanted to ensure that an app developer didn't have some kind of access to the parent page. From a framework perspective, there was no difference when apps were running inside of an iframe or not.
from f2.
Hi @brianbaker!
In v.1.4.5 we have good parsing of our app inside iframe
In v2.0.0 rendering doesn't happen due to missing our inside our parent
Looks like that we still need to use iframe for rendering our application (we are using javascript/css/html/etc). Is there another way to change our approach in v.2.0.0?
Also secure.js is not running in F2 v2.
Thanks!
from f2.
Hi @brianbaker ,
Have you checked the code snippets shared by Dmytro? Please provide your suggestion.
Thanks
from f2.
Related Issues (20)
- How to use F2 Registry and Store HOT 2
- Add support for cross-domain Apps HOT 7
- Add bower install to readme HOT 1
- Fix gruntfile.js in bower.json to match case in filename HOT 1
- Create build task in grunt file HOT 1
- change gh-pages task to only copy dist folder under docs HOT 1
- bump version to 1.4.2 HOT 1
- Upload new version to Nuget.org HOT 1
- Container error thrown when using shadow DOM HOT 2
- Issue related to i-pad - Set description as 'Tube'. HOT 2
- Add Failure AppHandler constants HOT 1
- Website examples fail to load HOT 1
- Issue related to i-pad - Set description as 'Tube'
- How to Use f2-autoload on F2.Event.emit or F2.Event.on HOT 3
- Can't recieve event in secure app HOT 1
- Update Libraries w/ Known Security Vulnerabilities HOT 3
- App Class's 'destroy' method is undocumented
- Cannot pass DOM element references in event data HOT 1
- APP_MANIFEST_REQUEST_FAIL is never emitted HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from f2.