feat: allow custom protocols for app href #2575
Conversation
|
Here's the code health analysis summary for commits Analysis Summary
|
manuel-rw
added
good first issue
|
We already saw that users will always find new ways to use homarrr, having this restriction to only HTTP in the first place is restrictive, we could just define proper CSP rules so that it shows "VM1705:1 Refused to run the JavaScript URL because it violates the following Content Security Policy" error. Either way we are not responsible for anyone's use of homarr, i'd remove the validation and expect my users to be smart enough to understand that a link is meant to be used there |
|
I made some research and believe that CSP should be enough to protect the user. I will update the PR... |
manuel-rw
force-pushed
the
feat/allow-other-app-protocols
branch
from
cb62455 to
7e76590
Compare
manuel-rw
added
enhancement
manuel-rw
changed the title
manuel-rw
force-pushed
the
feat/allow-other-app-protocols
branch
from
7e76590 to
6680098
Compare
manuel-rw
force-pushed
the
feat/allow-other-app-protocols
branch
from
6680098 to
27aefa6
Compare
|
@Meierschlumpf can you confirm CSP didn't break your setup? |
|
I haven't tried with iframes / similar as I don't really have a setup myself. But I've tried to get around our javascript restrictions and fixed the relevant things. If you want I can also try out with iframes / images |
Allow other protocols (such as ftp://, steam://, rdp://) whilst still blocking javascript.
manuel-rw
force-pushed
the
feat/allow-other-app-protocols
branch
from
23b3a3a to
089bf77
Compare
|
I can confirm that nothing is broken on my dashboards. I will merge |
Allow other protocols (such as ftp://, steam://, rdp://) whilst still blocking javascript.
Homarr
Thank you for your contribution. Please ensure that your pull request meets the following pull request:
pnpm build, autofix withpnpm format:fix)devbranchx,y,ior any abbrevation)