Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Pre-compiled config schema json #5980

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

taras
Copy link

@taras taras commented Nov 12, 2021

WIP experimentation related to #2138

Summary

Test plan

Checklist

Please add a x inside each checkbox:

  • I have read the contribution guidelines.
  • Code is formatted via running yarn format.
  • Tests are passing via running yarn test.
  • The status checks are successful (continuous integration). Those can be seen below.

A picture of a cute animal (not mandatory but encouraged)

@erezrokah erezrokah added the type: chore work needed to keep the product and development running smoothly label Nov 15, 2021
@erezrokah
Copy link
Contributor

erezrokah commented Nov 15, 2021

Thanks @taras, FYI custom widgets can declare their schema:
https://www.netlifycms.org/docs/custom-widgets/#registerwidget

Custom widgets are registered at runtime, so I'm not sure if we can compile their schema at build time (or maybe we need to require widget authors to do so).

@taras
Copy link
Author

taras commented Nov 15, 2021

@erezrokah thank you for bringing this to my attention.

Are these custom widgets 3rd party widgets distributed via npm packages or widgets created by the developer making the site? (or both?) It seems that to make NetlifyCMS work without unsafe CSP both of these groups need to use AVJ CLI or Webpack plugin that converts schemas into compiled functions.

@taras
Copy link
Author

taras commented Nov 15, 2021

@erezrokah one thing I found with this experiment is that AJV standalone mode doesn't support 2 validations that the config uses: uniqueItemProperties and instanceof. So they need to be added to AJV before the existing schema will compile.

@erezrokah
Copy link
Contributor

Are these custom widgets 3rd party widgets distributed via npm packages or widgets created by the developer making the site? (or both?)

Both

@erezrokah
Copy link
Contributor

@taras, another question on this. Can you confirm this fixes the CSP issue? I think we have other dependencies using eval.

@taras
Copy link
Author

taras commented Nov 19, 2021

@taras, another question on this. Can you confirm this fixes the CSP issue? I think we have other dependencies using eval.

it doesn’t fix the issue completely, we’re looking at the other dependencies now. eval is one issue and ‘new Function’ is another version of it. there are 8 instances of ‘new Function’ coming from netlify-cms bundles. it looks like it might be caused by webpack bundling.

@taras
Copy link
Author

taras commented Nov 22, 2021

@erezrokah we're starting to push updates to fix these CSP issues. Can you please take a look at #6009

@stale
Copy link

stale bot commented Apr 26, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status: stale label Apr 26, 2023
@martinjagodic
Copy link
Member

@taras are you still interested in moving this forward?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: stale type: chore work needed to keep the product and development running smoothly
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants