Update state management to use Universal ID #120
// always send state | ||
state.payloadChunks.forEach((chunk, i) => { | ||
fetchOptions.headers[`TurboBoost-State-${i.toString().padStart(4, '0')}`] = chunk | ||
}) |
Previously we always sent state. We may want to consider bringing this back when we put more attention on state management and optimistic updates. I think it's fine to omit for now.
As I wrote you in our private conversation, my only problem seems to be with elements that could be expected with such a refactoring.
Commands seems to be working great for me (I use that individually for some really cool stuff as well).
My PRs should help simplify the setup for testing import maps, but I see nothing obvious in this PR, nor do I have any issues other than with elements.
It's good to go unless you depend on elements being fixed first.
pin "debounced", to: "https://ga.jspm.io/npm:debounced@0.0.5/src/index.js" | ||
# TODO: I have no idea why the fuck jspm.io refuses to build the latest versions of @turbo-boost libs | ||
# You can generate URLs like the one I'm using below here → https://www.jsdelivr.com/github | ||
pin "@turbo-boost/streams", to: "https://cdn.jsdelivr.net/gh/hopsoft/turbo_boost-streams@v0.1.6/app/assets/builds/%40turbo-boost/streams.js" |
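Review bot: the `@turbo-boost/streams` pin on the last line loads the build from a jsDelivr GitHub URL addressed by tag (`v0.1.6`), and the `debounced` pin above it loads from ga.jspm.io, so the browser runs whatever those third-party URLs serve at request time. Suggest pinning to a build served from the gem's own assets, or vendoring the file, so the code that runs is the code that was reviewed. The TODO comment should also be reworded without the profanity and should state the actual build failure so it can be tracked.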
After merging my PR, you should be able to use:
pin "@turbo-boost/streams", to: "@turbo-boost/streams.js"
def append_meta_tag_to_response_body | ||
cookies.encrypted["turbo_boost.token"] = {value: new_token, path: "/"} | ||
append_to_response_body turbo_stream.invoke("morph", args: [meta_tag], selector: "#turbo-boost") | ||
def append_command_token_to_response_body |
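Review bot: the `cookies.encrypted["turbo_boost.token"]` assignment passes only `value` and `path`. If this cookie is kept, set `httponly: true` and an explicit `same_site:` value (and `secure: true` where the app is served over HTTPS) instead of relying on framework defaults, since the token is also delivered through the morphed meta tag and client script does not need to read the cookie for that path.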
This method name had me dig into the source as to what is actually appended where. 👇 makes total sense, but from the method name I'd have assumed it's inserting it as a text node or something.
Perhaps we can follow up with more clear semantic naming for some of these.
I don't have enough context to offer any meaningful feedback but I didn't see any obvious logic errors or typos 👍
Since import maps, JSPM, and the JavaScript ecosystem are a mess in their current state, allow import maps to match the assets served by the gem rather than download them from JSPM.
Reduce potential ISP/Gateway privacy concerns related to user tracking etc.
Note
There aren't any inherent privacy issues related to TurboBoost Commands (TBC). TBC does NOT track user/visitor data for any purpose. The original cookie and header management simply served to facilitate a better user experience (UX).
This PR updates the "state" mechanics to use the URL and hidden form fields rather than cookies and headers for this purpose.
TurboBoost state management provides a facility for remembering and restoring the state used to render the last representation of a page or component. It also provides the facility to support client side optimistic updates that we can resolve server side. All of this tooling enables developers to provide a great reactive user experience to visitors with minimal code.
After more discovery and some conversations with AI, I've teased out the following areas that are potential spots that may appear suspect to naive privacy tools.
This PR addresses each of the above items to de-risk privacy hawks from attaching a false positive flag due to any library activity or operations.