<p></p>
<p><b>@tomhughes</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532966036">app/views/layouts/_head.html.erb</a>:</p>
<pre style='color:#555'>> @@ -2,6 +2,7 @@
   <meta http-equiv="X-UA-Compatible" content="IE=edge" />
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <%= javascript_include_tag "es6" unless browser.es6? %>
+  <%= javascript_include_tag "turbo", :type => "module" %>
</pre>
<p dir="auto">I've been looking and I can't see any obvious solution so it's probably not worth spending any more time on it when we have something that works - the sprockets asset pipeline is kind of deprecated now anyway.</p>
<p dir="auto">There is a separate problem that I have discovered though, which is that turbo is trying to inject CSS for the progress bar and failing as our CSP rules prohibit inline CSS rules. It has code to work with rails builting security policy support but we're still using secure_headers so <a href="https://github.com/openstreetmap/openstreetmap-website/blob/8da80ff471f7d04984ff5abab0c5fe32920330ba/app/views/layouts/_head.html.erb#L14">https://github.com/openstreetmap/openstreetmap-website/blob/8da80ff471f7d04984ff5abab0c5fe32920330ba/app/views/layouts/_head.html.erb#L14</a> needs to be removed and replaced with this:</p>
<pre class="notranslate"><code class="notranslate"><meta name="csp-nonce" content="<%= content_security_policy_style_nonce %>" />
</code></pre>
<p dir="auto">which sets the CSP nonce for turbo using secure_headers instead.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532966036">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLO7VHLC5EKL5ECWI2LYZID5TAVCNFSM6AAAAABEIVPY5KVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTSNJQGMZDOMBVGU">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLIQ4D7IZK77OWFV5I3YZID5TA5CNFSM6AAAAABEIVPY5KWGG33NNVSW45C7OR4XAZNRKB2WY3CSMVYXKZLTORJGK5TJMV32UY3PNVWWK3TUL5UWJTTUH6QQ6.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/4562/review/1950327055</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532966036",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532966036",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>