Why is this:
if (options.liveReload) {
['localhost', '0.0.0.0'].forEach(function(host) {
headerConfig['connect-src'] = headerConfig['connect-src'] + ' ws://' + host + ':' + options.liveReloadPort;
headerConfig['script-src'] = headerConfig['script-src'] + ' ' + host + ':' + options.liveReloadPort;
});
}
done in ember-cli-content-security-policy and not in ember-cli-inject-live-reload ? I ask this because it is seems more logical to me to let it be inserted by the module that uses the external connect-src. I like in :
EmberPouch to inject the domains in connect-src. This seems better to me than adding if (options.liveReload) and if (options.EmberPouch) to the ember-cli-content-security-policy. Perhaps it done for booting ember-cli-content-security-policy and will it move in the future so all adapter makers can do inject connect-src the same way as ember-cli-inject-live-reload. If you do it by hand in your config environment it works as long as the adapter uses static domains/ports. I have no problem with the current setup but was just wondering why.