fix: track vendor JS files, add 'unsafe-inline' to public CSP, gitignore filepond tmp

- Track vendor JS files (filepond, htmx, overtype) that were moved
  to app/public/assets/js/vendor/ but never tracked → missing from deploys
- Add script-src 'self' 'unsafe-inline' to main CSP header so public
  pages (jury fieldset, repertoire, partage) can use inline scripts
  and onclick handlers
- Add storage/tmp/filepond/* to .gitignore with .gitkeep, and exclude
  from deploy rsync to avoid syncing local test uploads to production
Pontoporeia
2026-05-12 10:35:58 +02:00
parent 2e9ebfc684
commit 1ff3c70ebe
5 changed files with 25 additions and 2 deletions


@@ -41,7 +41,7 @@ deploy:
# Main deploy (code + assets) then run any pending DB migrations
rsync -vur --progress --delete \
--chown="www-data:xamxam" \
--exclude 'vendor' \
--exclude '/vendor' \
--exclude 'tests' \
--exclude '*.md' \
--exclude '.git*' \
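Review bot: the anchored `--exclude '/vendor'` only means "top-level vendor directory" relative to the transfer root, and that root is set by the `app/` source argument further down the command, so this line should carry a comment saying so. The previous unanchored `'vendor'` matched a directory of that name at any depth; if the source argument is ever changed, `/vendor` will silently stop matching what it is meant to. Consider `'/vendor/'` with a trailing slash so that only a directory can match. Also note that because the command runs with `--delete`, nested vendor directories on the server are no longer protected by the exclude and will now be synced and pruned like any other path.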
@@ -58,6 +58,7 @@ deploy:
--exclude 'storage/maintenance.flag' \
--exclude 'storage/fixtures' \
--exclude 'storage/docs' \
--exclude 'storage/tmp/filepond/*' \
--exclude 'var/' \
app/ xamxam:/var/www/xamxam/
# Deploy nginx config + fix permissions + reload (single server-side run)
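Review bot: `--exclude 'storage/tmp/filepond/*'` is unanchored, so rsync matches it against the end of any path, which is the same looseness the `/vendor` change in this commit removes; `'/storage/tmp/filepond/*'` would pin it to the transfer root of `app/`. A short comment would also help here: with `--delete` on the command, this exclude protects whatever is in that directory on the server from deletion, so uploads in progress survive a deploy, but stale temporary files there are never cleaned up by it either. The trailing `/*` keeps the directory itself in the transfer while skipping its contents, which is worth stating since the `.gitkeep` is already dropped by the `'.git*'` pattern above.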