Modify Content Security Policy to allow LiveReload when devtools enabled

Question

Modify Content Security Policy to allow LiveReload when devtools enabled

rwinch opened this issue 10 years ago · 2 comments

When Spring Boot's devtools are enabled it would be nice if we could automatically modify the Content Security Policy to allow LiveReload. This will be especially important when Spring Security 4.1 is released which will provide a simple DSL for adding CSP (currently it is only supported through generic header support).

Answer 1 · 2015-09-03T21:30:06.000Z

I had live reload working with Spring Security for the remote case (as we were discussing earlier today). Have you observed differently, or were you thinking of the local case?

PS This issue's in the wrong repo

Answer 2 · 2015-09-03T22:15:57.000Z

@wilkinsona Sorry about that and thanks for catching this is in the wrong repo. I've created spring-projects/spring-boot#3894 to replace this issue.

In regards to your question....this is not an issue unless someone is using Content Security Policy. I have included additional details on the other issue that will hopefully clarify. Let's move any additional discussion there.