CodeIgniter Forums
Why? - Printable Version


Why? - donpwinston - 12-14-2022

Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

I wouldn't have to put the nonce attribute in the tag when I turn CSP on, which is a GOOD thing.

Also there are inline styles all over the place. Why? It is bad practice. Again it makes CSP fail.


RE: Why? - InsiteFX - 12-14-2022

For one, you no longer need to include the ( type="text/javascript" ); also, the ending tag should be just > not />

stackoverflow - What's so bad about in-line CSS?


RE: Why? - donpwinston - 12-15-2022

(12-14-2022, 11:49 PM)InsiteFX Wrote: For one, you no longer need to include the ( type="text/javascript" ); also, the ending tag should be just > not />

stackoverflow - What's so bad about in-line CSS?

I know. That's not my code. It is in app/Views/errors/html/error_exception.php. I'm complaining about error_exception.php, error_404.php, and production.php. They should not be using inline styles and I believe they should also not be using a <style> tag for the CSS. It screws up when Content Security Policy is turned on and causes the debug bar to not work properly.


RE: Why? - kenjis - 12-15-2022

(12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

Because app/Views/errors/html/debug.js is not accessible via HTTP.


RE: Why? - donpwinston - 12-15-2022

(12-15-2022, 04:00 AM)kenjis Wrote:
(12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

Because app/Views/errors/html/debug.js is not accessible via HTTP.

Oh that's right. public is the docroot. Maybe consider moving the styles and scripts to the public directory?


RE: Why? - superior - 12-15-2022

Why would you put that kind of debug information in the public root? You shouldn't need it in a production environment.


RE: Why? - InsiteFX - 12-15-2022

I always create my folder structure like below:

root
-- app
-- system
-- public_html or public
---- assets
------ css
------ js
------ img
------ images
------ vendor
-------- jquery
------ plugins
-- writable

Then you can access them like below:

Code:
<link href="<?= base_url('assets/css/blog.css'); ?>" rel="stylesheet">

<script src="<?= base_url('assets/vendor/jquery/jquery-3.6.0.min.js'); ?>"></script>



RE: Why? - donpwinston - 12-15-2022

(12-15-2022, 08:54 AM)superior Wrote: Why would you put that kind of debug information in the public root? You shouldn't need it in a production environment.

There's also the error_404.php and the production.php

(12-15-2022, 08:57 AM)InsiteFX Wrote: I always create my folder structure like below:

root
-- app
-- system
-- public_html or public
---- assets
------ css
------ js
------ img
------ images
------ vendor
-------- jquery
------ plugins
-- writable

Then you can access them like below:

Code:
<link href="<?= base_url('assets/css/blog.css'); ?>" rel="stylesheet">

<script src="<?= base_url('assets/vendor/jquery/jquery-3.6.0.min.js'); ?>"></script>

Yeah, I do the same. I was complaining about the styles CI already set up to use. They put them in the app/Views/errors/html directory. There's also the Kint styles, which are a mess. They should be fetched and not stuck in a style tag.
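
An added example, not part of any post in this thread and not CodeIgniter code: a small Node.js audit of rendered HTML that lists what a nonce-based CSP without 'unsafe-inline' would block, which is the situation described above for the <style> tags and inline styles in the error views. The function name, nonce value and sample markup are constructed for illustration.

```javascript
// Added example (not CodeIgniter code). Assumed policy: script-src and
// style-src carry 'nonce-<value>' and do not include 'unsafe-inline'.
// Simplified regex scan of rendered HTML, not a full HTML parser.
function auditInlineCsp(html, nonce) {
  const findings = [];
  // Value of a quoted attribute on one tag, or null when absent.
  const attr = (tag, name) => {
    const m = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, 'i').exec(tag);
    return m ? (m[1] ?? m[2]) : null;
  };
  // Inline <script>/<style> elements run only with the matching nonce.
  for (const m of html.matchAll(/<(script|style)\b[^>]*>/gi)) {
    const tag = m[0];
    const name = m[1].toLowerCase();
    // External scripts are checked against script-src sources, not inline rules.
    if (name === 'script' && attr(tag, 'src') !== null) continue;
    if (attr(tag, 'nonce') !== nonce) {
      findings.push({ kind: `inline <${name}>`, tag });
    }
  }
  // A nonce cannot be attached to attributes, so this policy blocks them all.
  for (const m of html.matchAll(/<[a-z][^>]*>/gi)) {
    const tag = m[0];
    if (attr(tag, 'style') !== null) findings.push({ kind: 'style attribute', tag });
    if (/\son[a-z]+\s*=/i.test(tag)) findings.push({ kind: 'event handler attribute', tag });
  }
  return findings;
}

// Constructed sample: shaped like an error view, not copied from the framework.
const NONCE = 'constructed-nonce-value';
const SAMPLE = `
<style>body { font-family: sans-serif; }</style>
<script nonce="${NONCE}">/* inlined debug.js contents */</script>
<div class="source" style="display: none;">...</div>
<script src="/assets/js/app.js"></script>`;

for (const f of auditInlineCsp(SAMPLE, NONCE)) {
  console.log(`${f.kind}: ${f.tag}`);
}
```

In the sample, the nonced script that inlines debug.js passes, while the bare <style> element and the style="" attribute are reported.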