diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5472250c516..8b86b4b56df 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -28,9 +28,7 @@ class ApplicationController < ActionController::Base
 :self,
 "'sha256-#{Digest::SHA256.base64digest(Rails.application.importmap.to_json(resolver: ApplicationController.helpers))}'",
 "https://secure.gaug.es",
- "https://www.fastly-insights.com",
- "https://unpkg.com/@hotwired/stimulus/dist/stimulus.umd.js",
- "https://unpkg.com/stimulus-rails-nested-form/dist/stimulus-rails-nested-form.umd.js"
+ "https://www.fastly-insights.com"
 )
 end
diff --git a/app/javascript/avo.custom.js b/app/javascript/avo.custom.js
new file mode 100644
index 00000000000..fc330d184c9
--- /dev/null
+++ b/app/javascript/avo.custom.js
@@ -0,0 +1,4 @@
+import { application } from "controllers/application"
+
+import NestedForm from "stimulus-rails-nested-form";
+application.register("nested-form", NestedForm);
diff --git a/app/views/avo/partials/_head.html.erb b/app/views/avo/partials/_head.html.erb
index 98fa5ee8857..ae35ace68a6 100644
--- a/app/views/avo/partials/_head.html.erb
+++ b/app/views/avo/partials/_head.html.erb
@@ -1,7 +1 @@
-<%= javascript_tag 'avo.custom', defer: true, type: :module, nonce: true do %>
-import * as Stimulus from "https://unpkg.com/@hotwired/stimulus/dist/stimulus.umd.js";
-import * as NestedForm from "https://unpkg.com/stimulus-rails-nested-form/dist/stimulus-rails-nested-form.umd.js";
-
-const application = window.Stimulus.Application.start();
-application.register("nested-form", window.StimulusRailsNestedForm);
-<% end %>
+<%= javascript_importmap_tags "avo.custom" %>
diff --git a/config/importmap.rb b/config/importmap.rb
index 62b988f63a4..c4acae20adf 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
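Review bot: In `app/views/avo/partials/_head.html.erb`, the new `<%= javascript_importmap_tags "avo.custom" %>` no longer carries the explicit `nonce: true` that the removed `javascript_tag` had, and nothing visible in this commit shows which CSP source authorises the inline importmap and module-import scripts that this helper presumably renders. The `script_src` override in `ApplicationController` allows a `'sha256-…'` hash of the importmap JSON, but the baseline in `config/initializers/content_security_policy.rb` (also edited in this commit) lists only `:self` and two hosts. An Avo page served without the override would therefore likely have these inline scripts blocked. I would document the dependency above the tag, e.g. `<%# inline importmap scripts rely on the importmap hash / nonce set by the script_src override in ApplicationController %>`, and add a request test that loads an Avo page and checks the response's `Content-Security-Policy` header against the rendered tags.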
@@ -16,3 +16,7 @@ pin "github-buttons" # vendored from github in the before times, not compatible with newest version without changes pin "webauthn-json" + +# Avo custom JS entrypoint +pin "avo.custom", preload: false +pin "stimulus-rails-nested-form", preload: false # @4.1.0 diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index af52e1a9434..f332248831b 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -12,12 +12,8 @@ policy.object_src :none # NOTE: This scirpt_src is overridden for all requests in ApplicationController # This is the baseline in case the override is ever skipped - policy.script_src :self, - "https://secure.gaug.es", - "https://www.fastly-insights.com", - "https://unpkg.com/@hotwired/stimulus/dist/stimulus.umd.js", - "https://unpkg.com/stimulus-rails-nested-form/dist/stimulus-rails-nested-form.umd.js" - policy.style_src :self, "https://fonts.googleapis.com" + policy.script_src :self, "https://secure.gaug.es", "https://www.fastly-insights.com" + policy.style_src :self, "https://fonts.googleapis.com" policy.connect_src :self, "https://s3-us-west-2.amazonaws.com/rubygems-dumps/", "https://*.fastly-insights.com", "https://fastly-insights.com", "https://api.github.com", "http://localhost:*" policy.form_action :self, "https://github.com/login/oauth/authorize" diff --git a/vendor/javascript/stimulus-rails-nested-form.js b/vendor/javascript/stimulus-rails-nested-form.js new file mode 100644 index 00000000000..69d15ade87c --- /dev/null +++ b/vendor/javascript/stimulus-rails-nested-form.js 
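Review bot: In `config/importmap.rb`, the pin for `stimulus-rails-nested-form` records its version only as a trailing `# @4.1.0` comment, so nothing ties the minified file added under `vendor/javascript/` to the upstream release it claims to be. Because this script is now served from the application's own origin and is trusted via `:self`, I would record a digest next to the pin, e.g. `pin "stimulus-rails-nested-form", preload: false # @4.1.0, sha256: <digest-of-vendored-file>`. A later re-vendor can then be checked against it in review. The vendored module also imports `@hotwired/stimulus`, whose pin is not visible in this hunk; presumably it exists earlier in the file.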
@@ -0,0 +1,2 @@ +import{Controller as e}from"@hotwired/stimulus";class r extends e{add(e){e.preventDefault();const t=this.templateTarget.innerHTML.replace(/NEW_RECORD/g,(new Date).getTime().toString());this.targetTarget.insertAdjacentHTML("beforebegin",t)}remove(e){e.preventDefault();const t=e.target.closest(this.wrapperSelectorValue);if("true"===t.dataset.newRecord)t.remove();else{t.style.display="none";const e=t.querySelector("input[name*='_destroy']");e.value="1"}}}r.targets=["target","template"];r.values={wrapperSelector:{type:String,default:".nested-form-wrapper"}};export{r as default}; +