(#527)(#528) Support Content Security Policy#529
Merged
Conversation
This adds a few social icons to the safe-list for the @chocolatey-software/ccm package. These will be needed for future functionality.
The changes here will support the enforcement of a Content Security Policy on Chocolatey Central Management. While Chocolatey Central Management is the focus of this, changes will effect multiple packages in choco-theme. For the most part, changes are limited to the addition of new classes so that inline styles are not used. Two libraries have been removed in favor of custom JavaScript. The `block-ui` and `pwstrength-bootstrap` packages internally applied inline styles to elements, which is prohibited for a valid Content Security Policy. These libraries were easily replaced or removed by using custom JavaScript, as seen in the newly added blockUI() and unBlockUI() functions.
st3phhays
force-pushed
the
choco-theme/2.8.0
branch
5 times, most recently
from
1029a2e to
1baa84c
Compare
This removes the jstree library and replaces it with custom styles for the permissions tree in Chocolatey Central Mangaement. The jstree library is being removed because it does not enforce a CSP.
st3phhays
force-pushed
the
choco-theme/2.8.0
branch
from
1baa84c to
b20f649
Compare
This upgrades all packages to their latest minor and patch versions, and bumps choco-theme to 2.8.0.
st3phhays
force-pushed
the
choco-theme/2.8.0
branch
from
b20f649 to
191cb9a
Compare
vexx32
approved these changes
Apr 28, 2026
Member
vexx32
left a comment
vexx32
left a comment
There was a problem hiding this comment.
I think this one's good from a codeowner perspective, although I've not taken it for a spin locally as yet.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description Of Changes
The changes here:
blockUiandpwstrength-bootstrappackages.Motivation and Context
These changes are necessary for the next version of Chocolatey Central Management, and for supporting a Content Security Policy.
Testing
yarnandyarn choco-theme.Operating Systems Testing
Developer VM 4.
Change Types Made
Change Checklist
Related Issue