Content Security Policy error when connecting to Vite dev server

[jasonfb]

• I have tried upgrading by running bundle update vite_ruby.
• I have read the troubleshooting section before opening an issue.

Description 📖

When loading either using two processes (bin/vite dev + bin/rails s) or using bin/dev, I get this console error:

Refused to connect to 'ws://localhost:3036/vite-dev/' because it violates the following Content Security Policy directive: "default-src 'self' https:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Reproduction 🐞

will update soon

Vite Ruby Info

3.0

Run bin/rake vite:info and provide the output:

bin/vite present?: true
vite_ruby: 3.3.4
vite_rails: 3.0.15
rails: 7.0.6
node: v20.3.1
npm: 9.6.7
yarn: 1.22.19
pnpm: 
ruby: ruby 3.2.2 (2023-03-30 revision e51014f9c0) [arm64-darwin22]

installed packages:
[email protected] /Users/jason/Work/Momeas/Momeas9
├─┬ [email protected]
│ └── [email protected] deduped
└── [email protected]

Logs 📜

Output

Run DEBUG=vite-plugin-ruby:* bin/vite dev or DEBUG=vite-plugin-ruby:* bin/vite build and provide the output:

Screenshots 📷

[ElMassimo]

Hi Jason!

Check config/initializers/content_security_policy.rb, which should have additional lines injected during installation.

If enabling CSP in development, you'll want to uncomment those lines to ensure the browser can connect to the Vite dev server directly (which is a different origin than the Rails server).

[jasonfb]

I've identified the problem. Annoyingly, this was caused by a rubocop autocorrect, which is hella annoying. I'm just documenting it for others.

please hang on while I am investigating.