WIP: Pre-compiled config schema json #5980
Conversation
erezrokah
added
the
type: chore
|
Thanks @taras, FYI custom widgets can declare their schema: Custom widgets are registered at runtime, so I'm not sure if we can compile their schema at build time (or maybe we need to require widget authors to do so). |
|
@erezrokah thank you for bringing this to my attention. Are these custom widgets 3rd party widgets distributed via npm packages or widgets created by the developer making the site? (or both?) It seems that to make NetlifyCMS work without unsafe CSP both of these groups need to use AVJ CLI or Webpack plugin that converts schemas into compiled functions. |
|
@erezrokah one thing I found with this experiment is that AJV standalone mode doesn't support 2 validations that the config uses: |
Both |
|
@taras, another question on this. Can you confirm this fixes the CSP issue? I think we have other dependencies using |
it doesn’t fix the issue completely, we’re looking at the other dependencies now. eval is one issue and ‘new Function’ is another version of it. there are 8 instances of ‘new Function’ coming from netlify-cms bundles. it looks like it might be caused by webpack bundling. |
|
@erezrokah we're starting to push updates to fix these CSP issues. Can you please take a look at #6009 |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
@taras are you still interested in moving this forward? |
WIP experimentation related to #2138
Summary
Test plan
Checklist
Please add a
xinside each checkbox:yarn format.yarn test.A picture of a cute animal (not mandatory but encouraged)