I am using the 'trix-rails' gem in a Ruby on Rails project. I need to make the project abide by a no-unsafe-inline CSP, but I have problems with the two style tags generated by trix in the header.
I am using trix-rails as per the instructions:
...
//= require trix
//= require_tree .
...
... in my assets/javascript/application.js
I think that triggers the following file's execution: https://github.com/basecamp/trix/blob/custom-elements-v1/src/trix/core/helpers/custom_elements.coffee, which inserts two inline style tags into the DOM:
Now I know that the latest version of trix-editor comes with the capability of adding a nonce to these tags, but unfortunately trix-rails uses v.1.3.1. There is the possibility of introducing ActionText but I'd like to keep code changes (and database changes) to the minimum.
I have extracted the CSS to a separate file but cannot get rid of the tags. There was a suggestion to use Trix.config for that but I can't figure out how to do it. Any suggestions?
I ended up adding trix@2.0.10 to package.json, removing the //= require trix line from assets/javascripts/application.js and adding import Trix from 'trix' to javascript/packs/application.js and it works fine.
PS. @murb, we use both ways for there's too much legacy code depending on old gems, unfortunately.
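As an added example (not part of the original question or answer, and not Trix code): a small JavaScript check of whether a given Content-Security-Policy lets a script-inserted inline style element apply, with or without a nonce. The function names and sample policies are constructed for illustration; hash sources are not matched against element content here.

```javascript
// Added example. Policies and nonce values used with it are constructed samples.

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Inline <style> elements are governed by style-src-elem, falling back to
// style-src and then default-src.
function effectiveStyleSources(policy) {
  for (const name of ["style-src-elem", "style-src", "default-src"]) {
    if (name in policy) return policy[name];
  }
  return null; // no governing directive: inline styles are not restricted
}

// elementNonce is the nonce attribute of the <style> element, or null.
function inlineStyleAllowed(header, elementNonce) {
  const sources = effectiveStyleSources(parseCsp(header));
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const nonces = sources
    .filter((s) => /^'nonce-[^']+'$/i.test(s))
    .map((s) => s.slice(7, -1)); // strip leading 'nonce- and trailing quote
  // Hash sources are only detected, not compared against the style content.
  const hasHash = lower.some((s) => /^'sha(256|384|512)-/.test(s));
  if (elementNonce && nonces.includes(elementNonce)) return true;
  // 'unsafe-inline' is ignored once the list contains a nonce or hash source.
  return lower.includes("'unsafe-inline'") && nonces.length === 0 && !hasHash;
}

// Constructed sample: a strict policy with a per-response nonce.
const samplePolicy = "default-src 'self'; style-src 'self' 'nonce-r4nd0m'";
console.log("style tag without nonce:", inlineStyleAllowed(samplePolicy, null));
console.log("style tag with nonce:", inlineStyleAllowed(samplePolicy, "r4nd0m"));
```
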