Move inline javascript to an asset javascript file

rmosolgo / graphiql-rails

Mount the GraphiQL query editor in a Rails app

MIT License

447 stars 135 forks source link

Move inline javascript to an asset javascript file #62

Closed Abdulwahaab710 closed 5 years ago

Abdulwahaab710 commented 5 years ago

Problem:

Currently if you are using a CSP and you are blocking unsafe-inline for script-src, graphiql won't load due to the inline script tag being blocked in editors_controller#show

Solution:

Move the inline javascript tag to a file and pass all the data through a data attribute

Closes #23

rmosolgo commented 5 years ago

Looks good, thanks for your work on this! I am ... not a CSP expert 😅 !