Fix Vite HMR Content Security Policy rules
Previously the Vite HMR Content Security Policy rules would assume that NGINX were in the loop: the allowed hostname would be the GitLab hostname + `/vite-dev`. However, for users running without NGINX, the browser might try to access the HMR host directly via `localhost` or `127.0.0.1`, which would not be permitted by the current rules. We fix this by using the HMR host set in the Vite GDK helper using the `VITE_HMR_HTTP_URL` and `VITE_HMR_WS_URL` environment variables set there. We need both HTTP and Websocket URLs because Vite will ping the HTTP URL if the Websocket becomes unreachable. Changelog: fixed
显示
- app/controllers/base_action_controller.rb 13 个添加, 9 个删除app/controllers/base_action_controller.rb
- app/helpers/vite_helper.rb 8 个添加, 0 个删除app/helpers/vite_helper.rb
- lib/vite_gdk.rb 5 个添加, 0 个删除lib/vite_gdk.rb
- spec/lib/vite_gdk_spec.rb 3 个添加, 0 个删除spec/lib/vite_gdk_spec.rb
- spec/support/shared_examples/controllers/base_action_controller_shared_examples.rb 13 个添加, 4 个删除...les/controllers/base_action_controller_shared_examples.rb
- spec/support/webmock.rb 1 个添加, 0 个删除spec/support/webmock.rb
加载中
想要评论请 注册 或 登录