From 7b769a76731a49fa3a65d12923623c060a90a2c5 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Sat, 13 Apr 2024 18:28:41 +0200 Subject: [PATCH] Enable strict CSP support for ACE With these changes, ACE no longer requires custom inline styles, removing one further dependency from our CSP style list. --- app/javascript/application.js | 1 + app/javascript/stylesheets.scss | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/app/javascript/application.js b/app/javascript/application.js index f8e158c0..487e82fe 100644 --- a/app/javascript/application.js +++ b/app/javascript/application.js @@ -85,4 +85,5 @@ import "ace-builds/webpack-resolver"; // Enable webpack resolver, requires `file // Enable ACE editor extensions. See https://github.com/ajaxorg/ace/wiki/Extensions import "ace-builds/src-noconflict/ext-language_tools"; // Enable autocompletion import "ace-builds/src-noconflict/ext-modelist"; // Enable language mode detection +ace.config.set("useStrictCSP", true); // Enable strict CSP mode window.ace = ace; // Publish ace in global namespace diff --git a/app/javascript/stylesheets.scss b/app/javascript/stylesheets.scss index a57349e6..710de771 100644 --- a/app/javascript/stylesheets.scss +++ b/app/javascript/stylesheets.scss @@ -12,6 +12,12 @@ $web-font-path: '//'; @import '~bootstrap/scss/bootstrap'; @import '~bootswatch/dist/yeti/bootswatch'; +// Import the Ace editor styles +@import url('~ace-builds/css/ace.css'); +@import url('~ace-builds/css/theme/tomorrow.css'); +@import url('~ace-builds/css/theme/tomorrow_night.css'); + + // We define our own button style here, since `btn-outline-dark` and `btn-outline-light` do not switch colors. html[data-bs-theme="dark"] { .btn-outline-contrast {