-
|
Since the repository link integration (for GitHub and GitLab) make JavaScript calls to external sites, they might require losening the Content Security Policy (CSP) to allow access to for example Do you think this is worth mentioning (maybe as a footnote) in the mkdocs-material documentation? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Thanks for asking. I think this is a rather advanced setting and doesn't have to do anything in particular with Material for MkDocs. I think users that opt into CSP will check external requests and realize that GitHub would need to be whitelisted. Thus, I rather vouch for keeping the documentation as simple as possible. |
Beta Was this translation helpful? Give feedback.
-
|
One issue is, that it's not really documented anywhere, what external calls Material for MkDocs makes, so users have to guess and monitor error reports in the browser, which can also be missed. |
Beta Was this translation helpful? Give feedback.
-
|
Well, most users just don't care (= 5 issues mentioning CSP in 9 years). If they care, they will check the network inspector. Adding this to our documentation will increase the cognitive load, which is why we're not considering this at this time. |
Beta Was this translation helpful? Give feedback.
-
|
Fair enough. Personally, I still think it would be worth a footnote. (Side note: Just noticed as I was looking at what OWASP recommends, that some of their site is built with Material for MkDocs 😄) |
Beta Was this translation helpful? Give feedback.
Thanks for asking. I think this is a rather advanced setting and doesn't have to do anything in particular with Material for MkDocs. I think users that opt into CSP will check external requests and realize that GitHub would need to be whitelisted. Thus, I rather vouch for keeping the documentation as simple as possible.