You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment WebCord provides a reasonable set of builtin CSP to be enabled and disabled. However, when adding custom themes, one may want to allow further domains.
Suggestions
Add the option to write custom CSP rules in order to add more domains to the allowlist.
This should probably clearly warn the user that they reduce the security and should never paste in random stuff.
Alternatives
The theme could be patched as to not require online resources.
Additional Context
Clear Vision is a custom Discord theme which claims to be "auto updating" - in reality this means they @import the actual theme, and the CSS file you download is just a kind of configuration file. Additionally it also loads some icons from custom domains.
The text was updated successfully, but these errors were encountered:
After a bit of reading through WebCord's source code I noticed it actually handles @imports. So the theme actually broke because of url(...) referencing external images. Maybe these could be substituted in a similar way as imports by converting them to data uri's?
Description
At the moment WebCord provides a reasonable set of builtin CSP to be enabled and disabled. However, when adding custom themes, one may want to allow further domains.
Suggestions
Add the option to write custom CSP rules in order to add more domains to the allowlist.
This should probably clearly warn the user that they reduce the security and should never paste in random stuff.
Alternatives
The theme could be patched as to not require online resources.
Additional Context
Clear Vision is a custom Discord theme which claims to be "auto updating" - in reality this means they
@import
the actual theme, and the CSS file you download is just a kind of configuration file. Additionally it also loads some icons from custom domains.The text was updated successfully, but these errors were encountered: