From 37645d3df2cf669c1f84d0ecb8cab9ed12dec816 Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie <kemenaran@gmail.com>
Date: Mon, 20 Apr 2020 17:24:16 +0200
Subject: [PATCH] config: fix (again) the CSP when running a LiveReload server
 locally

When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.

Turns out we now need to specify the protocol explicitely.
---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0f48a942b..4c0a47886 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -17,6 +17,6 @@ Rails.application.config.content_security_policy do |policy|
     # pour détecter les erreurs lors de l'ajout d'une nouvelle brique externe durant le développement
     policy.report_uri "http://#{ENV['APP_HOST']}/csp/"
     # En développement, quand bin/webpack-dev-server est utilisé, on autorise les requêtes faites par le live-reload
-    policy.connect_src(*policy.connect_src, "ws://localhost:3035", "localhost:3035")
+    policy.connect_src(*policy.connect_src, "ws://localhost:3035", "http://localhost:3035")
   end
 end