https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397
--- Comment #9 from Jake Deery <[email protected]> --- Katrin - I didn't realise you could set 'unsafe-inline'. That would be a great first step, and something we could probably implement quite quickly with minimal disruption :-) The OpacUserJs problem is one that will need more thought and discussion. There are many ways to solve it, each with different benefits and drawbacks in my eyes * You could keep everything in the database, and have a Perl script fetch it on each pageload. E.g. <script src="/cgi-bin/koha/opac-userjs.pl"></script>. This has the benefit of keeping everything in the database, but the drawback of being slow (you're making a dynamic call on each pageload). * Or, you can keep everything in the database, and rebuild a file when you save the syspref. For example, using a filehandler to write to somewhere in /var/lib/koha (or another location, /tmp maybe?). This has the benefit of being faster and cachable using Apache headers, but the drawback of maybe being inconsistent for sites that are configured poorly. * The other option is to maybe do a bit of both? Keep everything in the database, but have the option in the Koha sysprefs page of having a save button and a rebuild button separate from each other. So you can manually rebuild the JS file in the filesystem if it becomes unusable or missing! Of course, these are ideas - and I have COVID at the moment, so I may be writing 100 words where I would usually find what I need to say in ten. Again - open discussion; please say if you think these ideas are all silly, or not useful for Koha's usecase. :-) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
