From 986233b7da85b4a54f0af8940120577a029cf7a8 Mon Sep 17 00:00:00 2001 From: Varpusparvi Date: Tue, 9 Jul 2024 14:58:19 +0200 Subject: [PATCH] Adjust readme --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f7c1024..a3d3938 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,8 @@ To use phraseapp-in-context-editor-ruby with your application you have to: -* Sign up for a Phrase account: [https://app.phrase.com/signup](https://app.phrase.com/signup) -* Use the excellent [i18n](https://github.com/ruby-i18n/i18n) gem also used by [Rails](https://guides.rubyonrails.org/i18n.html) +- Sign up for a Phrase account: [https://app.phrase.com/signup](https://app.phrase.com/signup) +- Use the excellent [i18n](https://github.com/ruby-i18n/i18n) gem also used by [Rails](https://guides.rubyonrails.org/i18n.html) ### Demo @@ -21,11 +21,13 @@ Login via the demo credentials `demo@phrase.com` / `phrase` ### Installation #### NOTE: You can not use the old version of the ICE with integration versions of >2.0.0, you have to instead use 1.x.x versions as before + #### via Gem ```bash gem install phraseapp-in-context-editor-ruby ``` + #### via Bundler Add it to your `Gemfile` @@ -84,6 +86,7 @@ Old version of the ICE is not available since version 2.0.0. If you still would #### Using the US Datacenter with ICE In addition to the settings in your `config/initializers/phraseapp_in_context_editor.rb`, set the US datacenter to enable the ICE to work with the US endpoints. + ```ruby config.enabled = true config.project_id = "YOUR_PROJECT_ID" @@ -91,6 +94,18 @@ In addition to the settings in your `config/initializers/phraseapp_in_context_ed config.datacenter = "us" ``` +#### Using with CSP + +The script will automatically get the nonce from `content_security_policy_nonce` +The content_security_policy.rb has to have `:strict_dynamic` for `policy.script_src` and `:unsafe_inline` for `policy.style_src` + +```ruby + policy.script_src :self, :https, :strict_dynamic + policy.style_src :self, :https, :unsafe_inline +``` + +The `config.content_security_policy_nonce_directives = %w[script-src]` can't include `style-src` since we can't add the nonce to dynamically created style tags that our editor creates + ### Browser support This library might not work out of the box for some older browser or IE11. We recommend to add [Babel](https://github.com/babel/babel) to the build pipeline if those browser need to be supported.