Search Terms
DecompressionStream, CSP, gzip, data URL, strict CSP, compressed JSON, fetch
Problem
The current implementation uses a data: URL for the compressed search index, which relies on decompressing it with DecompressionStream. This approach conflicts with stricter Content Security Policy rules, particularly when connect-src 'self' is enforced, as data: URLs are not allowed in such scenarios. This makes it harder to adopt the tool in environments with strict CSP policies.
Suggested Solution
Consider embedding the compressed search index as an inline Base64 string within the script and decompressing it directly in the browser using DecompressionStream. This avoids the need for data: URLs while maintaining compression benefits.
Here is an example of how that can be done:
```js
// search.ts
window.searchData = "gzip+base64 string"; // as currently done, but without data:application/octet-stream;base64, prefix

// main.js
async function decompressAndParseData(base64Data) {
  // Decode the Base64 string into raw gzip bytes
  const binaryData = Uint8Array.from(atob(base64Data), c => c.charCodeAt(0));
  const blob = new Blob([binaryData]);
  // Gunzip through a stream; no data: URL is fetched
  const decompressedStream = blob.stream().pipeThrough(new DecompressionStream("gzip"));
  const decompressedText = await new Response(decompressedStream).text();
  return JSON.parse(decompressedText);
}

// The function is async, so this holds a Promise that must be awaited before use
const searchData = decompressAndParseData(window.searchData);
```
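An added example, not part of the original issue or the project's code: a round trip of the proposal that builds the gzip+Base64 string and loads it back without any `fetch()`, so `connect-src` is never consulted. It goes slightly beyond the snippet above by also accepting the legacy `data:` prefix and capping the decompressed size; `encodeIndex`, `base64ToBytes`, `decodeIndex`, `DATA_URL_PREFIX` and the `maxBytes` default are hypothetical names and values, and the code assumes a browser or Node 18+ where `CompressionStream`, `DecompressionStream`, `Blob` and `Response` are globals.

```javascript
const DATA_URL_PREFIX = "data:application/octet-stream;base64,";

// Build side (hypothetical helper): JSON -> gzip -> Base64, with no data: prefix.
async function encodeIndex(index) {
  const gz = new Blob([JSON.stringify(index)]).stream()
    .pipeThrough(new CompressionStream("gzip"));
  const bytes = new Uint8Array(await new Response(gz).arrayBuffer());
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Accept either the bare Base64 string or the legacy data: URL form,
// and decode it locally with atob() instead of handing it to fetch().
function base64ToBytes(payload) {
  const b64 = payload.startsWith(DATA_URL_PREFIX)
    ? payload.slice(DATA_URL_PREFIX.length)
    : payload;
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Loader side: Blob -> DecompressionStream -> JSON, no network API involved.
// maxBytes (assumed limit) stops a corrupted or oversized index from
// exhausting memory while it inflates.
async function decodeIndex(payload, maxBytes = 16 * 1024 * 1024) {
  const reader = new Blob([base64ToBytes(payload)]).stream()
    .pipeThrough(new DecompressionStream("gzip"))
    .getReader();
  const decoder = new TextDecoder();
  let text = "";
  let total = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    total += value.byteLength;
    if (total > maxBytes) {
      reader.cancel().catch(() => {}); // stop inflating, ignore cancel errors
      throw new RangeError("decompressed index exceeds " + maxBytes + " bytes");
    }
    text += decoder.decode(value, { stream: true });
  }
  return JSON.parse(text + decoder.decode());
}
```

With this loader a policy of `connect-src 'self'` needs no `data:` source, because the index never passes through a fetch.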