Skip to content

Remove __riverUiBasePath and __riverUiAssetUrl global functions #382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bgentry merged 4 commits into from
Aug 16, 2025
Merged

Remove __riverUiBasePath and __riverUiAssetUrl global functions #382

bgentry merged 4 commits into from
Aug 16, 2025

Conversation

@jmfederico
Copy link
Contributor

@jmfederico jmfederico commented Jul 24, 2025

Replace global function usage with config JSON approach to eliminate CSP issues.

  • Remove global function definitions from index.html
  • Update App.tsx to read basepath from config__json element
  • Remove global function type definitions from TypeScript types
  • Maintain backward compatibility by falling back to '/' if config unavailable

This change eliminates Content Security Policy problems by removing the need for inline script execution while preserving all existing functionality.

@bgentry bgentry requested a review from Copilot July 24, 2025 14:28
Copilot AI reviewed Jul 24, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR eliminates Content Security Policy issues by replacing global JavaScript functions with a JSON configuration approach for path resolution. The change removes inline script execution while maintaining the same functionality for determining the application's base path.

  • Remove global __riverUiBasePath and __riverUiAssetUrl functions from index.html
  • Replace global function usage with a getBasePath() function that reads from JSON config
  • Update changelog to document the CSP-related fix

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
src/App.tsx Adds getBasePath() function to read base path from JSON config instead of global functions
public/index.html Removes inline script defining global functions
CHANGELOG.md Documents the removal of global functions for CSP compliance

bgentry
bgentry reviewed Jul 24, 2025
View reviewed changes
Copy link
Contributor

@bgentry bgentry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jmfederico! I think I'm going to have to test this locally to make sure all the scenarios work fine as that doesn't all have great coverage yet.

Meanwhile, could you please add yourself to the CLA? 🙏

@jmfederico
Copy link
Contributor Author

jmfederico commented Jul 24, 2025

@bgentry riverqueue/rivercla#14

@jmfederico jmfederico requested a review from bgentry July 24, 2025 20:51
@jmfederico
Copy link
Contributor Author

jmfederico commented Aug 9, 2025

Hi!

Is there anyway I can help with making this PR move forward?

bgentry
bgentry approved these changes Aug 16, 2025
View reviewed changes
Copy link
Contributor

@bgentry bgentry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delay on this! I was pretty heads down trying to get #379 and a whole bunch of supporting infra shipped.

This will go out in the next release shortly. Thank you so much for reporting and fixing!

Federico Jaramillo Martinez and others added 4 commits August 16, 2025 14:28
@bgentry
Remove __riverUiBasePath and __riverUiAssetUrl global functions
fa012fa 
Replace global function usage with config JSON approach to eliminate CSP issues.

- Remove global function definitions from index.html
- Update App.tsx to read basepath from config__json element
- Remove global function type definitions from TypeScript types
- Maintain backward compatibility by falling back to '/' if config unavailable

This change eliminates Content Security Policy problems by removing the need for
inline script execution while preserving all existing functionality.
@bgentry
Remove unnecessary Window interface declaration
da4f66a 
Since we no longer have any global window functions, the Window interface
extension is not needed anymore.
@bgentry
Add changelog entry for CSP fix
fbbdee9 
Document the removal of global functions that eliminates Content Security
Policy issues in the Unreleased section.
@jmfederico @bgentry
Link PR in Changelog
06be292
@bgentry bgentry force-pushed the remove-global-functions branch from e16998e to 06be292 Compare August 16, 2025 19:29
@bgentry bgentry merged commit bd694a5 into riverqueue:master Aug 16, 2025
@jmfederico jmfederico deleted the remove-global-functions branch August 28, 2025 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bgentry bgentry bgentry approved these changes

Assignees

@bgentry bgentry

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jmfederico @bgentry