Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest

Follow-up to !1300 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-02 11:36:32 +01:00 · 2022-11-02 11:36:32 +01:00 · a1726fc12e
commit a1726fc12e
parent c8d5bdd4af
3 changed files with 3 additions and 3 deletions
--- a/lib/web/plugs/http_security_plug.ex
+++ b/lib/web/plugs/http_security_plug.ex
@ -85,7 +85,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
      else
        [
          @script_src,
-          "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
+          "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' ",
+          "'sha256-zJdRXhLWm9NGI6BFr+sNmHBBrjAdJdFr7MpUq0EwK58=' "
        ]
      end

--- a/lib/web/templates/page/index.html.heex
+++ b/lib/web/templates/page/index.html.heex
@ -20,7 +20,6 @@
      <link rel="preload" href="/img/shape-3.svg" as="image" />
    <% end %>
    <%= tags(assigns) || assigns.tags %>
-    <%= Vite.inlined_phx_manifest() %>
    <%= Vite.vite_client() %>
    <%= Vite.vite_snippet("src/main.ts") %>
  </head>
--- a/test/web/plugs/http_security_plug_test.exs
+++ b/test/web/plugs/http_security_plug_test.exs
@ -73,7 +73,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do
      [csp] = Conn.get_resp_header(conn, "content-security-policy")

      assert csp =~
-               ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' example.com matomo.example.com  ;/
+               ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com  ;/
    end
  end