Why? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28) +--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30) +--- Thread: Why? (/showthread.php?tid=85872) |
Why? - donpwinston - 12-14-2022 Why is this code reading a javascript file(error_exception.php)? PHP Code: <script type="text/javascript" <?= csp_script_nonce() ?>> Why not use: PHP Code: <script src="../app/Views/errors/html/debug.js"></script> I wouldn't have to put the nonce attribute in the tag when I turn CSP on which is a GOOD thing. Also there are inline styles all over the place. Why? It is bad practice. Again it makes CSP fail. RE: Why? - InsiteFX - 12-14-2022 For one you no longer need to include the ( type="text/javascript" ) also the ending tag shold be just > not /> stackoverflow - What's so bad about in-line CSS? RE: Why? - donpwinston - 12-15-2022 (12-14-2022, 11:49 PM)InsiteFX Wrote: For one you no longer need to include the ( type="text/javascript" ) also the ending tag shold be just > not /> I know. That's not my code. It is in app/Views/errors/html/error_exception.php. I'm complaining about error_exception.php, error_404.php, and production.php. They should not be using inline styles and I believe they should also not be using a <style> tag for the css. It screws up when content security policy is turned on and causes the debug bar to not work properly. RE: Why? - kenjis - 12-15-2022 (12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a javascript file(error_exception.php)? Because app/Views/errors/html/debug.js is not accessible via HTTP. RE: Why? - donpwinston - 12-15-2022 (12-15-2022, 04:00 AM)kenjis Wrote:(12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a javascript file(error_exception.php)? Oh that's right. public is the docroot. Maybe consider moving the styles and scripts to the public directory? RE: Why? - superior - 12-15-2022 Why would you put that kind of debug information in the public root, you shouldn't need in a production environment? RE: Why? - InsiteFX - 12-15-2022 I always create my folder structure like below: root -- app -- system -- public_html or public ---- assets ------ css ------ js ------ img ------ images ------ vendor -------- jquery ------ plugins -- writable Then you can access them like below: Code: <link href="<?= base_url('assets/css/blog.css'); ?>" rel="stylesheet"> RE: Why? - donpwinston - 12-15-2022 (12-15-2022, 08:54 AM)superior Wrote: Why would you put that kind of debug information in the public root, you shouldn't need in a production environment? There's also the error_404.php and the production.php (12-15-2022, 08:57 AM)InsiteFX Wrote: I always create my folder structure like below: Yeah, I do the same. I was complaining about the styles CI already setup to use. They put them in the app/Views/errors/html directory. There's also the Kint styles which is a mess. They should be fetched and not stuck in a style tag. |