Why is this:
if (options.liveReload) {
['localhost', '0.0.0.0'].forEach(function(host) {
headerConfig['connect-src'] = headerConfig['connect-src'] + ' ws://' + host + ':' + options.liveReloadPort;
headerConfig['script-src'] = headerConfig['script-src'] + ' ' + host + ':' + options.liveReloadPort;
});
}
done in ember-cli-content-security-policy
and not in ember-cli-inject-live-reload
? I ask this because it is seems more logical to me to let it be inserted by the module that uses the external connect-src
. I like in :
EmberPouch to inject the domains in connect-src
. This seems better to me than adding if (options.liveReload)
and if (options.EmberPouch)
to the ember-cli-content-security-policy
. Perhaps it done for booting ember-cli-content-security-policy
and will it move in the future so all adapter makers can do inject connect-src
the same way as ember-cli-inject-live-reload
. If you do it by hand in your config environment it works as long as the adapter uses static domains/ports. I have no problem with the current setup but was just wondering why.