CSP and Alameda
The AMD pattern is a popular module pattern in Web app development. Since developing apps for Firefox OS, we used a famous AMD library: requirejs. And following the author’s suggestion, we included the minified version, alameda.
With the support of alameda, the app development is quite simple and modulized. We are very happy to see this. But it goes wrong in the reviewing result. We got a denial on the app submission because of CSP.
CSP is content security policy. We didn’t konw it very well. Just know that the following are prohibited:
2. cross site scripting
3. cross site XHR
4. inline script
5. and more…
But the reviewing message says alameda used the “eval” function. That’s the main reason of denial. It’s a little funny to deny an app because it uses popular libraries.
After few investigations, we found we should use r.js to optimize our app and use almond.js to be the loader. Everything is fixed by using the following command:
node r.js -o baseUrl=. name=path/to/almond.js include=main insertRequire=main out=main-built.js wrap=true
And all CSP violations are gone.