Modernize our js.erb so we can turn the csp back on
Opened this issue · 1 comments
Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.
- What are we trying to do?
As rails has gotten better about CSPs they've been using UJS/js.erb a lot less. Deprecating webpacker came at the cost of basically shutting our CSP off; as a condition of getting our CSP back we're going to have to come up with a better approach here.
See the discussion in this PR - #2651
-
What feature or behavior is this required for?
CSP, modern rails stack -
How could we solve this issue? (Not knowing is okay!)
Rails seems to be coalescing around a strategy / stack called hotwire, but I'm highly suggestible. Less intensity and a smoother transition would be preferable, bonus to not have to rig up a whole other framework, but man idk.
- Anything else?
Finished a timebox by going thru the guide at https://dev.to/thomasvanholder/how-to-upgrade-migrate-turbolinks-to-hotwire-3e7 and seeing what would happen on the accountants controller. I think generally:
- modals appear to be kinda tricky (bad)
- but hotwire seems pretty easy to set up (good)
- but we do a lot of ujs in both controllers and views (bad)
- but it DOES seem like we might be able to incrementally rewrite things piece by piece (good)
- and our systemtest posture means that we can probably guard against regressions pretty well (good)
I'm gonna try putting up a proof of concept PR and see where it gets us.