Commit to raw.esm.sh

This commit also adds an error message for when the Content Security Policy is likely at fault for blocking it.

packages/frontend/src/components/SkFlashPlayer.vue

@@ -106,7 +106,7 @@ async function loadRuffle() {
 
 	window.RufflePlayer.config = {
 		// Options affecting the whole page
-		'publicPath': `https://esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/`,
+		'publicPath': `https://raw.esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/`,
 		'polyfills': false,
 
 		// Options affecting files only
@@ -171,7 +171,16 @@ function loadContent() {
 	loadingStatus.value = 'Loading Flash file';
 	player.value.load(url.value).then(() => {
 		loadingStatus.value = undefined;
-	}).catch(handleError);
+	}).catch(error => {
+		fetch('https://raw.esm.sh/', {
+			mode: 'cors',
+		}).then(() => {
+			handleError(error); // Unexpected error
+		}).catch(() => {
+			// Must be CSP because esm.sh should be online if `loadRuffle()` didn't fail
+			handleError('raw.esm.sh could not be accessed, meaning this instance\'s Content Security Policy is likely out of date. Please contact your instance administrators.');
+		});
+	});
 }
 
 function playPause() {

packages/frontend/src/index.html

@@ -18,11 +18,11 @@
 		http-equiv="Content-Security-Policy"
 		content="default-src 'self' https://newassets.hcaptcha.com/ https://challenges.cloudflare.com/ http://localhost:7493/;
 			worker-src 'self' blob:;
-			script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com https://esm.sh https://cdn.jsdelivr.net;
+			script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com https://esm.sh https://cdn.jsdelivr.net https://raw.esm.sh;
 			style-src 'self' 'unsafe-inline';
 			img-src 'self' data: blob: www.google.com xn--931a.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 activitypub.software secure.gravatar.com avatars.githubusercontent.com;
 			media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
-			connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com https://api.listenbrainz.org https://api.friendlycaptcha.com;
+			connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com https://api.listenbrainz.org https://api.friendlycaptcha.com https://raw.esm.sh;
 			frame-src *;"
 	/>
 	<meta property="og:site_name" content="[DEV BUILD] Misskey" />

packages/frontend/vite.config.local-dev.ts

@@ -34,7 +34,7 @@ const externalPackages = [
 		path(id: string, pattern: RegExp): string {
 			const match = pattern.exec(id)?.groups;
 			return match
-				? `https://esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/${match['file']}`
+				? `https://esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/${match['file']}?raw`
 				: id;
 		},
 	},

packages/frontend/vite.config.ts

@@ -35,7 +35,7 @@ const externalPackages = [
 		path(id: string, pattern: RegExp): string {
 			const match = pattern.exec(id)?.groups;
 			return match
-				? `https://esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/${match['file']}`
+				? `https://esm.sh/@ruffle-rs/ruffle@${packageInfo.dependencies['@ruffle-rs/ruffle']}/${match['file']}?raw`
 				: id;
 		},
 	},