[openstreetmap/openstreetmap-website] Add Turbo to replace custom JS (PR #4562)
Tom Hughes
notifications at github.com
Wed Mar 20 22:23:21 UTC 2024
@tomhughes commented on this pull request.
> @@ -2,6 +2,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<%= javascript_include_tag "es6" unless browser.es6? %>
+ <%= javascript_include_tag "turbo", :type => "module" %>
I've been looking and I can't see any obvious solution so it's probably not worth spending any more time on it when we have something that works - the sprockets asset pipeline is kind of deprecated now anyway.
There is a separate problem that I have discovered though, which is that turbo is trying to inject CSS for the progress bar and failing as our CSP rules prohibit inline CSS rules. It has code to work with rails builting security policy support but we're still using secure_headers so https://github.com/openstreetmap/openstreetmap-website/blob/8da80ff471f7d04984ff5abab0c5fe32920330ba/app/views/layouts/_head.html.erb#L14 needs to be removed and replaced with this:
```
<meta name="csp-nonce" content="<%= content_security_policy_style_nonce %>" />
```
which sets the CSP nonce for turbo using secure_headers instead.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4562#discussion_r1532966036
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4562/review/1950327055 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240320/98c3abf4/attachment-0001.htm>
More information about the rails-dev
mailing list