Prevent loading remote script #86

@oooo-ps

I found that the latest version uses a remote dependency, which is insecure in my app:
https://cdn.jsdelivr.net/npm/@floating-ui/dom@1.7.4/+esm

Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cdn.jsdelivr.net/npm/@floating-ui/dom@1.7.4/+esm from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval'” [overtype.min.js:3:1](http://127.0.0.1:3001/static/js/overtype.min.js?v=0.9.0-alpha.1%20line%20885%20%3E%20Function)

Where can I find a standalone build instead of this one?

UPD. Installed these scripts locally - no results
https://floating-ui.com/docs/getting-started#umd

Subject fragment:

```js
// https://github.com/panphora/overtype/blob/main/dist/overtype.js
  async init() {
    const supportsAnchorPositioning = CSS.supports("position-anchor: --x") && CSS.supports("position-area: center");
    if (!supportsAnchorPositioning) {
      try {
        const importFn = new Function("url", "return import(url)");
        const { computePosition, offset, shift, flip } = await importFn(
          "https://cdn.jsdelivr.net/npm/@floating-ui/dom@1.7.4/+esm"
        );
        this.floatingUI = { computePosition, offset, shift, flip };
        this.useFloatingUI = true;
      } catch (error) {
        console.warn("Failed to load Floating UI fallback:", error);
        this.floatingUI = null;
        this.useFloatingUI = false;
      }
    }
```

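An added example, not part of the original issue or of OverType's code: a simplified check of a script URL against a CSP header, run on the policy, page origin and CDN URL quoted in the report above. `LOCAL` is a hypothetical self-hosted path, the function names are illustrative, and the matcher ignores paths, nonces, hashes and `'strict-dynamic'`.

```javascript
// Added example: simplified CSP source matching (ignores paths, nonces, hashes, 'strict-dynamic').
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources); // first occurrence wins
  }
  return policy;
}

// First directive in the fallback chain that the policy actually sets.
function governing(policy, chain) {
  const name = chain.find((d) => policy.has(d));
  return name ? { name, sources: policy.get(name) } : null;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-eval', nonces, hashes
  if (source === "*") return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/.exec(source);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const urlPort = url.port || (url.protocol === "https:" ? "443" : "80");
  if (scheme && scheme + ":" !== url.protocol) return false; // scheme-less: any scheme (simplified)
  if (port ? port !== "*" && port !== urlPort : url.port !== "") return false;
  return host.startsWith("*.") ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Script elements and import() are checked against script-src-elem -> script-src -> default-src;
// eval-like calls such as new Function(...) against script-src -> default-src.
function checkScriptLoad(header, scriptUrl, pageUrl) {
  const policy = parseCsp(header);
  const url = new URL(scriptUrl, pageUrl);
  const elem = governing(policy, ["script-src-elem", "script-src", "default-src"]);
  const evalDir = governing(policy, ["script-src", "default-src"]);
  return {
    url: url.href,
    directive: elem ? elem.name : null,
    loadAllowed: !elem || elem.sources.some((s) => sourceMatches(s, url, new URL(pageUrl).origin)),
    evalAllowed: !evalDir || evalDir.sources.includes("'unsafe-eval'"),
  };
}

// Values from the issue, plus a hypothetical self-hosted path for comparison.
const PAGE = "http://127.0.0.1:3001/";
const CSP = "script-src 'self' 'unsafe-eval'";
const CDN = "https://cdn.jsdelivr.net/npm/@floating-ui/dom@1.7.4/+esm";
const LOCAL = "/static/js/floating-ui.dom.mjs"; // hypothetical path
console.log(checkScriptLoad(CSP, CDN, PAGE));
console.log(checkScriptLoad(CSP, LOCAL, PAGE));
```

The check applies to the URL the bundle actually requests, so a same-origin copy passes only when the import inside the bundle points at it.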