Demos and Security Policy (#225)

* demos * security policy added
2025-04-29 16:36:11 +08:00 · 2023-05-14 22:18:37 +02:00 · 2023-05-14 22:18:37 +02:00 · 839db53f1f
commit 839db53f1f
parent 4e79716a55
2 changed files with 17 additions and 5 deletions
--- a/src/00/z2ui5_cl_app_demo_48.clas.abap
+++ b/src/00/z2ui5_cl_app_demo_48.clas.abap
@ -64,6 +64,9 @@ CLASS z2ui5_cl_app_demo_48 IMPLEMENTATION.
            navbuttonpress = client->_event( 'BACK' )
              shownavbutton = abap_true
            )->header_content(
+                  )->link(
+                    text = 'Demo'  target = '_blank'
+                    href = `https://twitter.com/OblomovDev/status/1657279838586109953`
                )->link(
                    text = 'Source_Code'  target = '_blank'
                    href = z2ui5_cl_xml_view=>hlp_get_source_code_url( app = me get = client->get( ) )
--- a/src/z2ui5_cl_http_handler.clas.abap
+++ b/src/z2ui5_cl_http_handler.clas.abap
@ -21,9 +21,10 @@ CLASS z2ui5_cl_http_handler DEFINITION
      IMPORTING
        title                   TYPE clike DEFAULT `abap2UI5`
        t_config                TYPE z2ui5_if_client=>ty_t_name_value OPTIONAL
+        content_security_policy TYPE clike OPTIONAL
        check_logging           TYPE abap_bool DEFAULT abap_false
      RETURNING
-        VALUE(r_result) TYPE string ##NEEDED.
+        VALUE(r_result)         TYPE string.

    CLASS-METHODS http_post
      RETURNING
@ -36,7 +37,7 @@ ENDCLASS.



-CLASS Z2UI5_CL_HTTP_HANDLER IMPLEMENTATION.
+CLASS z2ui5_cl_http_handler IMPLEMENTATION.


  METHOD http_post.
@ -75,6 +76,7 @@ CLASS Z2UI5_CL_HTTP_HANDLER IMPLEMENTATION.
  METHOD http_get.

    DATA(lt_Config) = t_config.
+
    IF lt_config IS INITIAL.
      lt_config = VALUE #(
        (  name = `data-sap-ui-theme`         value = `sap_horizon` )
@ -86,12 +88,19 @@ CLASS Z2UI5_CL_HTTP_HANDLER IMPLEMENTATION.
          ).
    ENDIF.

+    IF content_security_policy IS NOT SUPPLIED.
+      DATA(lv_sec_policy) = `<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' ui5.sap.com *.ui5.sap.com sdk.openui5.org *.sdk.openui5.org cdn.jsdelivr.net *.cdn.jsdelivr.net"/>`.
+    ELSE.
+      lv_sec_policy = content_security_policy.
+    ENDIF.
+
    DATA(lv_url) = z2ui5_lcl_utility=>get_header_val( '~path' ).
    DATA(lv_app) = z2ui5_lcl_utility=>get_param_val( 'app' ).
    z2ui5_lcl_fw_db=>cleanup( ).

    r_result = `<html>` && |\n| &&
               `<head>` && |\n| &&
+                  lv_sec_policy && |\n| &&
               `    <meta charset="UTF-8">` && |\n|  &&
               `    <meta name="viewport" content="width=device-width, initial-scale=1.0">` && |\n|  &&
               `    <meta http-equiv="X-UA-Compatible" content="IE=edge">` && |\n| &&