Why?
#1

(This post was last modified: 12-14-2022, 07:18 PM by donpwinston.)

Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

I wouldn't have to put the nonce attribute in the tag when I turn CSP on which is a GOOD thing.

Also there are inline styles all over the place. Why? It is bad practice. Again it makes CSP fail.
Simpler is always better
Reply
#2

For one, you no longer need to include the ( type="text/javascript" ); also, the ending tag should be just > not />

stackoverflow - What's so bad about in-line CSS?
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(12-14-2022, 11:49 PM)InsiteFX Wrote: For one, you no longer need to include the ( type="text/javascript" ); also, the ending tag should be just > not />

stackoverflow - What's so bad about in-line CSS?

I know. That's not my code. It is in app/Views/errors/html/error_exception.php. I'm complaining about error_exception.php, error_404.php, and production.php. They should not be using inline styles and I believe they should also not be using a <style> tag for the css. It screws up when content security policy is turned on and causes the debug bar to not work properly.
Simpler is always better
Reply
#4

(This post was last modified: 12-15-2022, 04:01 AM by kenjis.)

(12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

Because app/Views/errors/html/debug.js is not accessible via HTTP.
Reply
#5

(This post was last modified: 12-15-2022, 06:32 AM by donpwinston.)

(12-15-2022, 04:00 AM)kenjis Wrote:
(12-14-2022, 07:07 PM)donpwinston Wrote: Why is this code reading a JavaScript file (error_exception.php)?
PHP Code:
<script type="text/javascript" <?= csp_script_nonce() ?>>
        <?= file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . 'debug.js') ?>
</script>

Why not use:
PHP Code:
<script src="../app/Views/errors/html/debug.js"></script>

Because app/Views/errors/html/debug.js is not accessible via HTTP.

Oh that's right. public is the docroot. Maybe consider moving the styles and scripts to the public directory?
Simpler is always better
Reply
#6

Why would you put that kind of debug information in the public root? You shouldn't need it in a production environment.
Reply
#7

I always create my folder structure like below:

root
-- app
-- system
-- public_html or public
---- assets
------ css
------ js
------ img
------ images
------ vendor
-------- jquery
------ plugins
-- writable

Then you can access them like below:

Code:
<link href="<?= base_url('assets/css/blog.css'); ?>" rel="stylesheet">

<script src="<?= base_url('assets/vendor/jquery/jquery-3.6.0.min.js'); ?>"></script>
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#8

(This post was last modified: 12-15-2022, 09:18 AM by donpwinston.)

(12-15-2022, 08:54 AM)superior Wrote: Why would you put that kind of debug information in the public root? You shouldn't need it in a production environment.

There's also the error_404.php and the production.php

(12-15-2022, 08:57 AM)InsiteFX Wrote: I always create my folder structure like below:

root
-- app
-- system
-- public_html or public
---- assets
------ css
------ js
------ img
------ images
------ vendor
-------- jquery
------ plugins
-- writable

Then you can access them like below:

Code:
<link href="<?= base_url('assets/css/blog.css'); ?>" rel="stylesheet">

<script src="<?= base_url('assets/vendor/jquery/jquery-3.6.0.min.js'); ?>"></script>

Yeah, I do the same. I was complaining about the styles CI is already set up to use. They put them in the app/Views/errors/html directory. There are also the Kint styles, which are a mess. They should be fetched and not stuck in a style tag.
Simpler is always better
Reply
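Added example, not part of any post above and not CodeIgniter's own code: a small PHP check that lists the markup in a rendered view which a nonce-based policy would block, covering the inline `<script>`, `<style>` and `style=""` cases raised in this thread. It assumes a policy of the form `script-src 'self' 'nonce-…'; style-src 'self' 'nonce-…'` with no `'unsafe-inline'`; the function name, nonce value and sample HTML are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not CodeIgniter code. Lists the markup a nonce-based CSP
// (no 'unsafe-inline') would refuse to run or apply in a rendered view.
function cspInlineFindings(string $html, string $nonce): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate HTML5 tags and sloppy markup
    $doc->loadHTML($html);
    libxml_clear_errors();

    $xpath    = new DOMXPath($doc);
    $findings = [];

    // Inline <script> and <style> blocks need the nonce sent in the header.
    foreach ($xpath->query('//script[not(@src)] | //style') as $el) {
        if ($nonce === '' || $el->getAttribute('nonce') !== $nonce) {
            $findings[] = sprintf('line %d: inline <%s> without a matching nonce',
                $el->getLineNo(), $el->nodeName);
        }
    }

    // style="" attributes cannot carry a nonce, so a nonce-only policy blocks them.
    foreach ($xpath->query('//*[@style]') as $el) {
        $findings[] = sprintf('line %d: style attribute on <%s>',
            $el->getLineNo(), $el->nodeName);
    }

    return $findings;
}

// Constructed sample shaped like the error view discussed in this thread.
$nonce = 'r4nd0m';   // placeholder; a real nonce is random per response
$html  = <<<HTML
<!doctype html>
<html><head>
<style>body { color: #333; }</style>
<script nonce="r4nd0m">console.log('debug');</script>
<script src="/assets/js/debug.js"></script>
</head><body>
<div style="display:none">trace</div>
</body></html>
HTML;

foreach (cspInlineFindings($html, $nonce) as $finding) {
    echo $finding, PHP_EOL;
}
```

On the sample, the nonce-bearing inline script and the same-origin external script pass, while the `<style>` block and the `style` attribute are reported.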



