hackily fixes HMR on dev again

.devcontainer/compose.yaml

@@ -9,6 +9,7 @@ services:
     environment:
       RAILS_ENV: development
       NODE_ENV: development
+      VITE_RUBY_HOST: 0.0.0.0
       BIND: 0.0.0.0
       BOOTSNAP_CACHE_DIR: /tmp
       REDIS_HOST: redis
@@ -27,6 +28,7 @@ services:
     ports:
       - '3000:3000'
       - '3035:3035'
+      - '3036:3036'
       - '4000:4000'
     networks:
       - external_network

config/initializers/content_security_policy.rb

@@ -31,7 +31,8 @@ Rails.application.config.content_security_policy do |p|
   p.worker_src :self, :blob, assets_host
 
   if Rails.env.development?
-    front_end_build_urls = %w(ws http).map { |protocol| "#{protocol}#{ViteRuby.config.https ? 's' : ''}://#{ViteRuby.config.host_with_port}" }
+    # Hacky solution to force CSP to correctly allow localhost, even if ViteRuby is bound to 0.0.0.0.
+    front_end_build_urls = %w(ws http).map { |protocol| "#{protocol}#{ViteRuby.config.https ? 's' : ''}://localhost:#{ViteRuby.config.port}" }
 
     p.connect_src :self, :data, :blob, *media_hosts, Rails.configuration.x.streaming_api_base_url, *front_end_build_urls
     p.script_src  :self, :unsafe_inline, :unsafe_eval, assets_host

lib/vite_ruby/sri_extensions.rb

@@ -22,7 +22,8 @@ module ViteRuby::ManifestIntegrityExtension
     script_paths = entries.map do |entry|
       {
         file: entry.fetch('file'),
-        integrity: entry.fetch('integrity'),
+        # TODO: Secure this so we require the integrity hash outside of dev
+        integrity: entry['integrity'],
       }
     end
 

vite.config.mts

@@ -53,9 +53,6 @@ export const config: UserConfigFnPromise = async ({ mode, command }) => {
         // but it needs to be scoped to the whole domain
         'Service-Worker-Allowed': '/',
       },
-      hmr: {
-        clientPort: parseInt(env.VITE_HMR_PORT ?? '3000'),
-      },
     },
     build: {
       commonjsOptions: { transformMixedEsModules: true },