Closed unsay closed 4 months ago
In general, I agree, we don't gain much from a CDN for the libs/resources we have. It does, however, lower management/maintenance surface area for the Rails Asset Pipeline (albeit requiring a network connection for development).
Given Rails 5.2 was EOL June 2022 and Ruby 2.7 was EOL March 2023, I think focusing on those then bringing the JS libs in-line with the current JS/Rails model is where we might want to spend some effort.
@experimatt I will change the referenced library to include the SRI hash, which may be enough to securely pin in while we address the larger discussion.
@experimatt Good to go.
When adding presenters, the JavaScript library does not pass the unique ID, but the person's name to the server. The server then does a lookup using the name, returning the first result.
https://github.com/minnestar/sessionizer/blob/37a8eaa6903c965f80e06b8f73a9f8a2bef15a44/src/app/controllers/presentations_controller.rb#L11-L14
I don't know PostgreSQL's internals well; though I suspect it will return the lowest ID (i.e. oldest account) -- meaning people with duplicate accounts will probably "never accept the CoC".
Resolution
I don't want to yak-shave the Rails Asset Pipeline, so I'm linking to a CDN with a POJO autocomplete library.
This fixes an issue so at least the person selected does not break the application. Further discussion in #300 to address duplicate names.
refs #300 closes #304 closes #265 closes #264 refs #120 closes #261 (winning)