phoenixframework / phoenix_live_reload

Provides live-reload functionality for Phoenix
MIT License

LiveReload requires unsafe-inline script_src for CORS #141

Closed nathany-copia closed 10 months ago

nathany-copia commented 10 months ago

When configuring CORS, Phoenix.LiveReload requires a script_src of 'unsafe-inline' to allow JavaScript to be injected.

This is less than ideal, because it introduces a discrepancy between the development environment and what one may reasonably want to do in production. E.g. If someone adds other inline JavaScript into the codebase, it will work locally in development, but cause a CORS violation when deployed.

Is there any way that Phoenix.LiveReload can be reworked to not require unsafe-inline?

Barring that, what would be the appropriate way to configure code reloading without the live reloading portion? I've done some experimentation, but clear guidance would be appreciated.

josevalim commented 10 months ago

Is there any way that Phoenix.LiveReload can be reworked to not require unsafe-inline?

I don't know from the top of my head, feel free to give it a try.

Barring that, what would be the appropriate way to configure code reloading without the live reloading portion? I'

You can just remove LiveReloader from lib/my_app/endpoint.ex :)

nathany-copia commented 10 months ago

Removing plug Phoenix.LiveReloader seemed to do the trick.

Do we need to keep socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket and phoenix_live_reload?

Some of my updates to endpoint.ex resulted in performance issues. I haven't yet narrowed it down.

It was either the removal of the Phoenix.LiveReloader.Socket or the addition of CheckRepoStatus:

plug Phoenix.Ecto.CheckRepoStatus,
      otp_app: :myapp,
      migration_lock: :pg_advisory_lock,
      migration_paths: &MyApp.Release.migration_paths/1

I'll try to narrow it down and report back.

josevalim commented 10 months ago

You can remove the socket and phoenix_live_reload.

You still want to keep both CodeReloader and CheckRepoStatus inside the if code_loading? do block. They do affect performance but should only run in dev.
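The endpoint layout described in this thread (LiveReloader and its socket removed, CodeReloader and CheckRepoStatus kept in the dev-only block, and a CSP without 'unsafe-inline' applied in every environment) as one constructed endpoint module. This is an added example, not code from the phoenix_live_reload project or from either participant; the module name MyAppWeb.Endpoint, the :my_app OTP app, MyAppWeb.static_paths/0, the session salt and the CSP values are placeholders, and the dev block uses the name `code_reloading?/0` that `use Phoenix.Endpoint` defines.

```elixir
# lib/my_app_web/endpoint.ex (constructed example; names are placeholders)
defmodule MyAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :my_app

  # No `socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket` and no
  # `plug Phoenix.LiveReloader`: nothing injects an inline <script> into responses,
  # so the CSP below can use script-src 'self' in dev exactly as in prod.

  # Dev-only plugs. Both cost something per request, which is why they stay inside
  # this block and never run in a production release.
  if code_reloading? do
    plug Phoenix.CodeReloader

    plug Phoenix.Ecto.CheckRepoStatus,
      otp_app: :my_app,
      migration_lock: :pg_advisory_lock,
      migration_paths: &MyApp.Release.migration_paths/1
  end

  plug Plug.Static,
    at: "/",
    from: :my_app,
    gzip: false,
    only: MyAppWeb.static_paths()

  # Same policy in every environment: an inline script added by a developer fails
  # locally the same way it would fail after deployment, instead of only in prod.
  plug :put_content_security_policy

  plug Plug.Session,
    store: :cookie,
    key: "_my_app_key",
    signing_salt: "CHANGE_ME_PLACEHOLDER"

  plug MyAppWeb.Router

  # Illustrative policy: scripts and styles only from this origin, WebSocket
  # connections allowed so Phoenix channels / LiveView keep working.
  defp put_content_security_policy(conn, _opts) do
    Plug.Conn.put_resp_header(
      conn,
      "content-security-policy",
      "default-src 'self'; script-src 'self'; style-src 'self'; " <>
        "img-src 'self' data:; connect-src 'self' ws: wss:"
    )
  end
end
```

With LiveReloader gone, the `{:phoenix_live_reload, ...}` entry in mix.exs and the `live_reload:` key under the endpoint config in config/dev.exs can be dropped as well; code reloading on the next request still works through Phoenix.CodeReloader, only the automatic browser refresh is lost.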

josevalim commented 10 months ago

Closing this, I believe it is addressed!