From cd83d918e593d45128574a79036ed5df0ea48216 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete@docuseal.com>
Date: Wed, 24 Sep 2025 15:45:04 +0300
Subject: [PATCH] fix csp

---
 app/controllers/application_controller.rb     |  2 +-
 app/javascript/application.js                 |  5 ++
 app/javascript/elements/autosize_field.js     | 21 ++++++++
 app/javascript/lib/turbo_instant_click.js     |  2 +-
 .../devise/shared/_select_server.html.erb     | 52 -------------------
 app/views/layouts/application.html.erb        |  2 +-
 app/views/scripts/_server_selector.html.erb   | 26 ----------
 app/views/shared/_body_scripts.html.erb       |  0
 app/views/submissions/show.html.erb           |  4 +-
 9 files changed, 32 insertions(+), 82 deletions(-)
 create mode 100644 app/javascript/elements/autosize_field.js
 delete mode 100644 app/views/scripts/_server_selector.html.erb
 create mode 100644 app/views/shared/_body_scripts.html.erb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 843ef605..0ba4a117 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
   before_action :maybe_redirect_to_setup, unless: :signed_in?
   before_action :authenticate_user!, unless: :devise_controller?
 
-  before_action :set_csp, if: -> { request.get? && !turbo_frame_request? && !request.headers['HTTP_VND.PREFETCH'] }
+  before_action :set_csp, if: -> { request.get? && !request.headers['HTTP_X_TURBO'] }
 
   helper_method :button_title,
                 :current_account,
diff --git a/app/javascript/application.js b/app/javascript/application.js
index b9467861..1a1ee2a5 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -47,6 +47,7 @@ import ReviewForm from './elements/review_form'
 import ShowOnValue from './elements/show_on_value'
 import CustomValidation from './elements/custom_validation'
 import ToggleClasses from './elements/toggle_classes'
+import AutosizeField from './elements/autosize_field'
 
 import * as TurboInstantClick from './lib/turbo_instant_click'
 
@@ -63,6 +64,9 @@ document.addEventListener('keyup', (e) => {
 })
 
 document.addEventListener('turbo:before-fetch-request', encodeMethodIntoRequestBody)
+document.addEventListener('turbo:before-fetch-request', (event) => {
+  event.detail.fetchOptions.headers['X-Turbo'] = 'true'
+})
 document.addEventListener('turbo:submit-end', async (event) => {
   const resp = event.detail?.formSubmission?.result?.fetchResponse?.response
 
@@ -129,6 +133,7 @@ safeRegisterElement('review-form', ReviewForm)
 safeRegisterElement('show-on-value', ShowOnValue)
 safeRegisterElement('custom-validation', CustomValidation)
 safeRegisterElement('toggle-classes', ToggleClasses)
+safeRegisterElement('autosize-field', AutosizeField)
 
 safeRegisterElement('template-builder', class extends HTMLElement {
   connectedCallback () {
diff --git a/app/javascript/elements/autosize_field.js b/app/javascript/elements/autosize_field.js
new file mode 100644
index 00000000..b6f56763
--- /dev/null
+++ b/app/javascript/elements/autosize_field.js
@@ -0,0 +1,21 @@
+export default class extends HTMLElement {
+  connectedCallback () {
+    const originalFontValue = this.field.style.fontSize
+
+    if (this.field.scrollHeight > this.field.clientHeight) {
+      this.field.style.fontSize = `calc(${originalFontValue} / 1.5)`
+      this.field.style.lineHeight = `calc(${this.field.style.fontSize} * 1.3)`
+
+      if (this.field.scrollHeight > this.field.clientHeight) {
+        this.field.style.fontSize = `calc(${originalFontValue} / 2.0)`
+        this.field.style.lineHeight = `calc(${this.field.style.fontSize} * 1.3)`
+      }
+    }
+
+    this.field.classList.remove('hidden')
+  }
+
+  get field () {
+    return this.closest('field-value')
+  }
+}
diff --git a/app/javascript/lib/turbo_instant_click.js b/app/javascript/lib/turbo_instant_click.js
index 01789e95..d72d4ce8 100644
--- a/app/javascript/lib/turbo_instant_click.js
+++ b/app/javascript/lib/turbo_instant_click.js
@@ -56,7 +56,7 @@ function mouseoverListener (event) {
 
   const requestOptions = {
     credentials: 'same-origin',
-    headers: { Accept: 'text/html, application/xhtml+xml', 'VND.PREFETCH': 'true' },
+    headers: { Accept: 'text/html, application/xhtml+xml', 'VND.PREFETCH': 'true', 'X-Turbo': 'true' },
     method: 'GET',
     redirect: 'follow'
   }
diff --git a/app/views/devise/shared/_select_server.html.erb b/app/views/devise/shared/_select_server.html.erb
index 58b1dbec..e69de29b 100644
--- a/app/views/devise/shared/_select_server.html.erb
+++ b/app/views/devise/shared/_select_server.html.erb
@@ -1,52 +0,0 @@
-<% eu_server = request.host == 'docuseal.eu' %>
-<server-selector>
-  <div id="global_server_selector" class="text-center hidden">
-    <div class="join">
-      <a href="https://docuseal.com<%= request.fullpath.gsub('docuseal.eu', 'docuseal.com') %>" class="btn bg-base-200 join-item w-40 <%= 'bg-base-300' unless eu_server %>">
-        <%= svg_icon 'world', class: 'w-5 h-5' %>
-        Global
-      </a>
-      <a href="https://docuseal.eu<%= request.fullpath.gsub('docuseal.com', 'docuseal.eu') %>" class="relative btn bg-base-200 join-item w-40 <%= 'bg-base-300' if eu_server %>">
-        <%= svg_icon 'eu_flag', class: 'w-5 h-5' %>
-        Europe
-        <% unless eu_server %>
-          <span id="eu_server_alert" class="absolute flex space-x-0.5 hidden" style="top: -1.5rem;">
-            <span class="text-xs font-normal leading-none text-base-content normal-case">
-              <%= t('eu_data_residency') %>
-            </span>
-            <%= svg_icon 'corner_right_down', class: 'w-4 h-5 stroke-1 shrink-0 pt-1' %>
-          </span>
-        <% end %>
-      </a>
-    </div>
-  </div>
-  <div id="server_selector" class="flex justify-center <%= 'hidden' unless eu_server %>">
-    <div class="dropdown">
-      <label tabindex="0" class="relative btn btn-sm bg-transparent font-medium normal-case border-base-content/20 justify-start" style="width: 141px; padding: 0 20px">
-        <% if eu_server %>
-          <%= svg_icon 'eu_flag', class: 'w-5 h-5' %>
-          <span>EU Cloud</span>
-        <% else %>
-          <%= svg_icon 'usa_flag', class: 'w-5 h-5' %>
-          <span>US Cloud</span>
-        <% end %>
-        <%= svg_icon 'chevron_down', class: 'mr-1 w-4 h-4 absolute right-1' %>
-      </label>
-      <ul tabindex="0" class="dropdown-content z-[1] menu border border-base-content/20 mt-1 bg-base-100 rounded-box w-36">
-        <li>
-          <a href="https://docuseal.com<%= request.fullpath.gsub('docuseal.eu', 'docuseal.com') %>" class="flex items-center space-x-2 <%= 'bg-base-300' unless eu_server %>">
-            <%= svg_icon 'usa_flag', class: 'w-5 h-5' %>
-            US Cloud
-          </a>
-        </li>
-        <li>
-          <a href="https://docuseal.eu<%= request.fullpath.gsub('docuseal.com', 'docuseal.eu') %>" class="flex items-center space-x-2 <%= 'bg-base-300' if eu_server %>">
-            <%= svg_icon 'eu_flag', class: 'w-5 h-5' %>
-            EU Cloud
-          </a>
-        </li>
-      </ul>
-    </div>
-  </div>
-</server-selector>
-<%= render 'scripts/server_selector' %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 60c6222e..0dee5392 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -18,7 +18,6 @@
       <link href="<%= canonical_url %>" rel="canonical">
     <% end %>
     <%= stylesheet_pack_tag 'application', media: 'all' %>
-    <%= render 'shared/plausible' if !signed_in? && ENV['PLAUSIBLE_DOMAIN'] %>
   </head>
   <body>
     <turbo-frame id="modal"></turbo-frame>
@@ -28,5 +27,6 @@
     <div class="max-w-6xl mx-auto px-4 md:px-2 mb-8">
       <%= yield %>
     </div>
+    <%= render 'shared/body_scripts' %>
   </body>
 </html>
diff --git a/app/views/scripts/_server_selector.html.erb b/app/views/scripts/_server_selector.html.erb
deleted file mode 100644
index c67da29b..00000000
--- a/app/views/scripts/_server_selector.html.erb
+++ /dev/null
@@ -1,26 +0,0 @@
-<script nonce="<%= content_security_policy_nonce %>">
-  if (!window.customElements.get('server-selector')) {
-    customElements.define('server-selector', class extends HTMLElement {
-      connectedCallback() {
-        const serverSelector = this.querySelector('#server_selector');
-        const globalServerSelector = this.querySelector('#global_server_selector');
-        const euServerAlert = this.querySelector('#eu_server_alert');
-        const timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
-        const usTimezones = /^(?:America\/(?:New_York|Detroit|Kentucky|Indiana|Chicago|Menominee|North_Dakota|Denver|Boise|Phoenix|Los_Angeles|Anchorage|Juneau|Sitka|Metlakatla|Yakutat|Nome|Adak)|Pacific\/Honolulu)/;
-
-        if (!serverSelector.classList.contains('hidden')) {
-          return
-        }
-
-        if (usTimezones.test(timezone)) {
-          serverSelector.classList.remove('hidden');
-        } else if (timezone.includes('Europe')) {
-          globalServerSelector.classList.remove('hidden');
-          euServerAlert?.classList?.remove('hidden');
-        } else {
-          globalServerSelector.classList.remove('hidden');
-        }
-      }
-    });
-  }
-</script>
diff --git a/app/views/shared/_body_scripts.html.erb b/app/views/shared/_body_scripts.html.erb
new file mode 100644
index 00000000..e69de29b
diff --git a/app/views/submissions/show.html.erb b/app/views/submissions/show.html.erb
index 0c1d897f..dbd75575 100644
--- a/app/views/submissions/show.html.erb
+++ b/app/views/submissions/show.html.erb
@@ -302,4 +302,6 @@
     </label>
   </toggle-visible>
 </div>
-<%= render 'scripts/autosize_field' %>
+<% unless request.headers['HTTP_X_TURBO'] %>
+  <%= render 'scripts/autosize_field' %>
+<% end %>