Skip to content

Fix using javascript_importmap_tag in console #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 15, 2022
Merged

Fix using javascript_importmap_tag in console #139

merged 1 commit into from
Jul 15, 2022

Conversation

skipkayhil
Copy link
Member

@skipkayhil skipkayhil commented Jul 5, 2022
edited
Loading

Summary

Previously this would error because there is no request object in the
console for content_security_policy_nonce to be called on.

Other information

This is based on #138 which should be merged first ✔️

Fixes rails/rails#44809

@skipkayhil
Fix using javascript_importmap_tag in console
3f716fd 
Previously this would error because there is no request object in the
console for `content_security_policy_nonce` to be called on.
@skipkayhil skipkayhil force-pushed the fix-importmap-tag-in-console branch from 1c811f3 to 3f716fd Compare July 6, 2022 23:58
@dhh dhh merged commit 243fbfb into rails:main Jul 15, 2022
@skipkayhil skipkayhil deleted the fix-importmap-tag-in-console branch July 15, 2022 00:43
rmacklin
rmacklin reviewed Jul 15, 2022
View reviewed changes
Copy link
Contributor

@rmacklin rmacklin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like some of these changes may have accidentally swapped content_security_policy_nonce with content_security_policy

app/helpers/importmap/importmap_tags_helper.rb
@@ -14,12 +14,12 @@ def javascript_importmap_tags(entry_point = "application", shim: true)
# By default, `Rails.application.importmap.to_json(resolver: self)` is used.
def javascript_inline_importmap_tag(importmap_json = Rails.application.importmap.to_json(resolver: self))
tag.script importmap_json.html_safe,
type: "importmap", "data-turbo-track": "reload", nonce: content_security_policy_nonce
type: "importmap", "data-turbo-track": "reload", nonce: request&.content_security_policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be

Suggested change
type: "importmap", "data-turbo-track": "reload", nonce: request&.content_security_policy
type: "importmap", "data-turbo-track": "reload", nonce: request&.content_security_policy_nonce

?

app/helpers/importmap/importmap_tags_helper.rb
@@ -28,14 +28,14 @@ def javascript_importmap_shim_nonce_configuration_tag
# Include the es-modules-shim needed to make importmaps work in browsers without native support (like Firefox + Safari).
def javascript_importmap_shim_tag(minimized: true)
javascript_include_tag minimized ? "es-module-shims.min.js" : "es-module-shims.js",
async: true, "data-turbo-track": "reload", nonce: content_security_policy_nonce
async: true, "data-turbo-track": "reload", nonce: request&.content_security_policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And similarly

Suggested change
async: true, "data-turbo-track": "reload", nonce: request&.content_security_policy
async: true, "data-turbo-track": "reload", nonce: request&.content_security_policy_nonce

app/helpers/importmap/importmap_tags_helper.rb
end

# Import a named JavaScript module(s) using a script-module tag.
def javascript_import_module_tag(*module_names)
imports = Array(module_names).collect { |m| %(import "#{m}") }.join("\n")
tag.script imports.html_safe,
type: "module", nonce: content_security_policy_nonce
type: "module", nonce: request&.content_security_policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And similarly

Suggested change
type: "module", nonce: request&.content_security_policy
type: "module", nonce: request&.content_security_policy_nonce

app/helpers/importmap/importmap_tags_helper.rb
@@ -48,7 +48,7 @@ def javascript_importmap_module_preload_tags(importmap = Rails.application.impor
# Link tag(s) for preloading the JavaScript module residing in `*paths`. Will return one link tag per path element.
def javascript_module_preload_tag(*paths)
safe_join(Array(paths).collect { |path|
tag.link rel: "modulepreload", href: path, nonce: content_security_policy_nonce
tag.link rel: "modulepreload", href: path, nonce: request&.content_security_policy
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And similarly

Suggested change
tag.link rel: "modulepreload", href: path, nonce: request&.content_security_policy
tag.link rel: "modulepreload", href: path, nonce: request&.content_security_policy_nonce

This was referenced Jul 15, 2022
Closed
Merged
@rmacklin
Copy link
Contributor

I've opened #143 with the above changes.

As mentioned there, we should ideally backfill test coverage that exercises this properly so that CI would catch this type of bug. I don't currently have the bandwidth to do that, but if you do, please feel free to open a follow-up PR!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmacklin rmacklin rmacklin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rails 7: Can not call javascript_importmap_tags from console
3 participants
@skipkayhil @rmacklin @dhh