#3220 Upgrade to fedora-bootstrap 1.0.3 or higher please
Closed: Invalid 5 years ago Opened 5 years ago by puiterwijk.

fedora-bootstrap lower than 1.0.3 is using an upstream bootstrap 4.0 release that's less than alpha.6, which requires unsafe-eval in the CSP header, due to their use of "new Function": https://github.com/twbs/bootstrap/blob/v4.0.0-alpha.5/js/src/util.js#L124.

This was fixed in the commit (with awesome commit message "grunt") https://github.com/twbs/bootstrap/commit/d1171ac44ad05a1b7244900b690840093d3e5573#diff-2757cd21af75a7f198f845bbd0a1a748L152 which was introduced in alpha.6.

fedora-bootstrap version 1.0.3 uses bootstrap v4.0.0-alpha.6, which should allow us to get rid of that specific CSP option.


Metadata Update from @puiterwijk:
- Issue assigned to ryanlerch

5 years ago

For the record: the part that didn't work were modal dialogs (specifically the token ACL viewing one).

Metadata Update from @puiterwijk:
- Assignee reset

5 years ago

Metadata Update from @puiterwijk:
- Issue assigned to ryanlerch

5 years ago

trunk currently uses the newer version of Fedora Bootstrap.

So I guess we can close this as Invalid?

Metadata Update from @pingou:
- Issue close_status updated to: Invalid

5 years ago

Login to comment on this ticket.

Metadata