Closed nathany-copia closed 10 months ago
Is there any way that Phoenix.LiveReload can be reworked to not require unsafe-inline?
I don't know from the top of my head, feel free to give it a try.
Barring that, what would be the appropriate way to configure code reloading without the live reloading portion? I'
You can just remove LiveReloader from lib/my_app/endpoint.ex :)
Removing plug Phoenix.LiveReloader
seemed to do the trick.
Do we need to keep socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
and phoenix_live_reload
?
Some of my updates to endpoint.ex resulted in performance issues. I haven't yet narrowed it down.
It was either the removal of the Phoenix.LiveReloader.Socket
or the addition of CheckRepoStatus
:
plug Phoenix.Ecto.CheckRepoStatus,
otp_app: :myapp,
migration_lock: :pg_advisory_lock,
migration_paths: &MyApp.Release.migration_paths/1
I'll try to narrow it down and report back.
You can remove the socket and phoenix_live_reload.
You still want to keep both CodeReloader
and CheckRepoStatus
inside the if code_loading? do
block. They do affect performance but should only run in dev.
Closing this, I beleive it is address!
When configuring CORS, Phoenix.LiveReload requires a
script_src
of'unsafe-inline'
to allow JavaScript to be injected.This is less than ideal, because it introduces a discrepancy between the development environment and what one may reasonable want to do in production. E.g. If someone adds other inline JavaScript into the codebase, it will work locally in development, but cause a CORS violation when deployed.
Is there any way that Phoenix.LiveReload can be reworked to not require unsafe-inline?
Barring that, what would be the appropriate way to configure code reloading without the live reloading portion? I've done some experimentation, but clear guidance would be appreciated.