mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-26 00:29:18 +02:00
1ff3c70ebe
- Track vendor JS files (filepond, htmx, overtype) that were moved to app/public/assets/js/vendor/ but never tracked → missing from deploys - Add script-src 'self' 'unsafe-inline' to main CSP header so public pages (jury fieldset, repertoire, partage) can use inline scripts and onclick handlers - Add storage/tmp/filepond/* to .gitignore with .gitkeep, and exclude from deploy rsync to avoid syncing local test uploads to production
17 lines
990 B
Markdown
17 lines
990 B
Markdown
# FilePond Server-ID Refactor
|
|
|
|
- [x] Step 1 — Build 4 PHP endpoints (process.php, revert.php, load.php, remove.php)
|
|
- [x] Step 2 — Update ThesisFileHandler to accept file_ids instead of $_FILES
|
|
- [x] Step 3 — Update file-upload-filepond.js (async server model + all fixes)
|
|
- [x] Step 4 — Update templates (data-queue-type on all inputs, data-existing-files in edit)
|
|
- [x] Step 5 — Update upload-progress.js (new collectFileNames, pending-uploads guard)
|
|
- [ ] Step 6 — QA / integration testing
|
|
- [ ] Step 7 — Cleanup: remove transition flags, remove INPUT_ID_TO_TYPE
|
|
|
|
# CSP & Deploy Fixes (May 2026)
|
|
|
|
- [x] Track vendor JS files in jj (they were moved to vendor/ but never `jj file track`ed)
|
|
- [x] Add `script-src 'self' 'unsafe-inline'` to main CSP header (public pages use inline scripts + onclick handlers)
|
|
- [x] Add `storage/tmp/filepond/*` to .gitignore + rsync exclude, with .gitkeep
|
|
- [ ] Deploy: `just deploy` to sync vendor JS files + updated CSP + .gitkeep to server
|