Why add domain in `ember-cli-content-security-policy` and not in `ember-cli-inject-live-reload`?


#1

Why is this:

if (options.liveReload) {
  ['localhost', '0.0.0.0'].forEach(function(host) {
    headerConfig['connect-src'] = headerConfig['connect-src'] + ' ws://' + host + ':' + options.liveReloadPort;
    headerConfig['script-src'] = headerConfig['script-src'] + ' ' + host + ':' + options.liveReloadPort;
  });
}

done in ember-cli-content-security-policy and not in ember-cli-inject-live-reload ? I ask this because it is seems more logical to me to let it be inserted by the module that uses the external connect-src. I like in :

EmberPouch to inject the domains in connect-src. This seems better to me than adding if (options.liveReload) and if (options.EmberPouch) to the ember-cli-content-security-policy. Perhaps it done for booting ember-cli-content-security-policy and will it move in the future so all adapter makers can do inject connect-src the same way as ember-cli-inject-live-reload. If you do it by hand in your config environment it works as long as the adapter uses static domains/ports. I have no problem with the current setup but was just wondering why.