From f8d9cdebdbb6f46a315ae2012b7cd2f3f2f01b8a Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Mon, 28 Oct 2019 02:02:20 -0700 Subject: [PATCH] Make CodeEditor compatible with CSP Adds a "script-src blob:" directive on pages using CodeEditor. This should allow using the blob-based web-worker that ACE uses. This bumps the MediaWiki dependency to current master (1.35.0+). Bug: T214743 Depends-on: I68054644220cd03bc96cf8ffb9c7ee375be77f96 Change-Id: I40612274a7e1d964119433442d992a8bf67f61af --- extension.json | 2 +- includes/CodeEditorHooks.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/extension.json b/extension.json index 82774847..1a371c8b 100644 --- a/extension.json +++ b/extension.json @@ -10,7 +10,7 @@ "license-name": "GPL-2.0-or-later AND BSD-3-Clause", "type": "editor", "requires": { - "MediaWiki": ">= 1.32.0", + "MediaWiki": ">= 1.35.0", "extensions": { "WikiEditor": ">= 0.5.2" } diff --git a/includes/CodeEditorHooks.php b/includes/CodeEditorHooks.php index 98b29be2..13fad1aa 100644 --- a/includes/CodeEditorHooks.php +++ b/includes/CodeEditorHooks.php @@ -50,6 +50,8 @@ class CodeEditorHooks { if ( $lang && $output->getUser()->getOption( 'usebetatoolbar' ) ) { $output->addModules( 'ext.codeEditor' ); $output->addJsConfigVars( 'wgCodeEditorCurrentLanguage', $lang ); + // Needed because ACE adds a blob: url web-worker. + $output->getCSP()->addScriptSrc( "blob:" ); } elseif ( !ExtensionRegistry::getInstance()->isLoaded( "WikiEditor" ) ) { throw new ErrorPageError( "codeeditor-error-title", "codeeditor-error-message" ); }