2 changes: 1 addition & 1 deletion Gemfile
Expand Up @@ -15,7 +15,7 @@ gem "vite_rails"
gem "jquery-rails"
gem "jbuilder", "~> 2.0"

gem "devise", "~> 5.0.3"
gem "devise", "~> 5.0.4"
gem "draper"
gem "aws-sdk-s3"

6 changes: 3 additions & 3 deletions Gemfile.lock
Expand Up @@ -177,7 +177,7 @@ GEM
reline (>= 0.3.8)
debug_inspector (1.2.0)
device_detector (1.1.3)
devise (5.0.3)
devise (5.0.4)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 7.0)
Expand Down Expand Up @@ -779,7 +779,7 @@ DEPENDENCIES
cocoon (~> 1.2.6)
country_select
debug (~> 1.11)
devise (~> 5.0.3)
devise (~> 5.0.4)
dotenv-rails
draper
factory_bot_rails
Expand Down Expand Up @@ -878,7 +878,7 @@ CHECKSUMS
debug (1.11.1) sha256=2e0b0ac6119f2207a6f8ac7d4a73ca8eb4e440f64da0a3136c30343146e952b6
debug_inspector (1.2.0) sha256=9bdfa02eebc3da163833e6a89b154084232f5766087e59573b70521c77ea68a2
device_detector (1.1.3) sha256=c5fe3fe42cab2e8aa01f193b2074b8bb1510373ce47127206f28c7dea75a9c79
devise (5.0.3) sha256=c4c065051cdc4ace11547b2b7f5c3c4c97d0f1269250f5fe90f614ff78f29546
devise (5.0.4) sha256=d605f2b85854e74e56ee789e2d398702bc2d06e6bcd894717a670a3199c74cc1
diff-lcs (1.6.2) sha256=9ae0d2cba7d4df3075fe8cd8602a8604993efc0dfa934cff568969efb1909962
docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
44 changes: 13 additions & 31 deletions config/initializers/content_security_policy.rb
Expand Up @@ -4,34 +4,16 @@
# See the Securing Rails Applications Guide for more information:
# https://guides.rubyonrails.org/security.html#content-security-policy-header

# Rails.application.configure do
# config.content_security_policy do |policy|
# policy.default_src :self, :https
# policy.font_src :self, :https, :data
# policy.img_src :self, :https, :data
# policy.object_src :none
# policy.script_src :self, :https
# # Allow @vite/client to hot reload javascript changes in development
# # policy.script_src *policy.script_src, :unsafe_eval, "http://#{ ViteRuby.config.host_with_port }" if Rails.env.development?
# # You may need to enable this in production as well depending on your setup.
# # policy.script_src *policy.script_src, :blob if Rails.env.test?
# policy.style_src :self, :https
# # Allow @vite/client to hot reload style changes in development
# # policy.style_src *policy.style_src, :unsafe_inline if Rails.env.development?
# # Allow @vite/client to hot reload changes in development
# # policy.connect_src *policy.connect_src, "ws://#{ ViteRuby.config.host_with_port }" if Rails.env.development?
# # Specify URI for violation reports
# # policy.report_uri "/csp-violation-report-endpoint"
# end
#
# # Generate session nonces for permitted importmap, inline scripts, and inline styles.
# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
# config.content_security_policy_nonce_directives = %w(script-src style-src)
#
# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
# # config.content_security_policy_nonce_auto = true
#
# # Report violations without enforcing the policy.
# # config.content_security_policy_report_only = true
# end
Rails.application.configure do
config.content_security_policy do |policy|
policy.default_src :self, :https
policy.font_src :self, :https, :data
policy.img_src :self, :https, :data
policy.object_src :none
policy.script_src :self, :https
# Specify URI for violation reports
policy.report_uri "/csp-violation-report-endpoint"
end
# Report violations without enforcing the policy.
config.content_security_policy_report_only = true
end
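Review bot: `policy.report_uri "/csp-violation-report-endpoint"` on the new side points at a path that nothing in this change defines, and with `config.content_security_policy_report_only = true` that endpoint is the only thing that makes the policy observable; unless a route and controller for it already exist elsewhere, browsers will POST reports to a 404 and violations will never be seen. Separately, `default_src` does not act as a fallback for `frame-ancestors`, `base-uri` or `form-action`, so those stay unrestricted under this policy; adding `policy.frame_ancestors :self` and `policy.base_uri :self` closes that gap without affecting asset loading, and `form_action` can be added once any external form posts have been checked. Since the Gemfile pins `vite_rails`, the removed template's `ViteRuby.config.host_with_port` additions to `script_src` and `connect_src` in development were load-bearing — without them the dev server's scripts and websocket will show up as reports now and be blocked as soon as report-only is switched off.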
2 changes: 1 addition & 1 deletion spec/system/stories_spec.rb
Expand Up @@ -120,7 +120,7 @@
adult_window = create(:windows_type, :adult)
story = create(:story, title: "Old Title", windows_type: adult_window, created_by: user)

visit edit_story_path(story)
visit edit_story_path(format: :turbo_stream, subaction: :update)

within("#edit_story_#{story.id}") do
fill_in "Title", with: "A New Title"
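Review bot: `visit edit_story_path(format: :turbo_stream, subaction: :update)` drops the `story` argument that the removed line passed; with a conventional `resources :stories` route `edit_story_path` requires `:id`, so this call would raise a URL generation error before the page is visited, unless the route is non-standard. Even if it resolves, a system test visiting a turbo_stream-formatted URL directly in the browser will not render the edit form that `within("#edit_story_#{story.id}")` on the following line expects to find. Keeping `visit edit_story_path(story)` and driving the turbo-stream update through the UI (submitting the form) seems like the intended shape of this test. The enclosing example block starts before and ends after the hunk.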