refactor(pages,views,worker): disable runtime preload injection where…

… possible

src/pages/account.html

@@ -1,21 +1,22 @@
 <!doctype html>
 <html>
   <head>
-    <script src="https://js.stripe.com/v3/"></script>
-    <script src="account.js" type="module"></script>
     <meta name="viewport" content="width=device-width, viewport-fit=cover, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+    <meta name="runtime-preload-injection" content="disabled">
     <meta
       http-equiv="Content-Security-Policy"
       content="
         connect-src https://js.stripe.com;
-         script-src https://js.stripe.com 'unsafe-eval';
+         script-src https://js.stripe.com socket://co.socketsupply.union/pages/account.js 'unsafe-eval';
             img-src https://js.stripe.com;
           child-src https://js.stripe.com;
          object-src 'none';
       "
     >
     <link rel="stylesheet" href="../css/theme.css">
     <link rel="stylesheet" href="../css/page-account.css">
+    <script src="https://js.stripe.com/v3/"></script>
+    <script src="account.js" type="module"></script>
   </head>
 
   <body>

src/pages/account.js

@@ -5,7 +5,8 @@ const sharedKeys = {
 
 window.addEventListener('DOMContentLoaded', e => {
   setTimeout(() => {
-    const key = !!globalThis.__args.env.DEV ? sharedKeys.test : sharedKeys.live
+    const url = new URL(globalThis.location.href)
+    const key = url.searchParams.get('dev') === 'true' ? sharedKeys.test : sharedKeys.live
     const stripe = Stripe(key)
 
     const elements = stripe.elements()

src/views/home.js

@@ -25,7 +25,7 @@ class ViewHome extends Tonic {
           webview_auto_register_service_workers: false,
           webview_service_worker_frame: false
         },
-        path: 'pages/account.html',
+        path: `pages/account.html?dev=${process.env.DEV ? 'true' : 'false'}`,
         index: 14,
         closable: true,
         maximizable: false,
@@ -173,7 +173,7 @@ class ViewHome extends Tonic {
               id="profile-public-key"
             ></tonic-textarea>
 
-            <iframe src="pages/account.html" border=0></iframe>
+            <iframe src="pages/account.html?dev=${process.env.DEV ? 'true' : 'false'}" border=0></iframe>
           </section>
         </tonic-tab-panel>
       </div>

src/worker.js

@@ -14,6 +14,11 @@ export default async function (req, env, ctx) {
 
   const p = path.join(navigatorPath, route.pathname.groups[0])
   const params = url.searchParams
+  const headers = {
+    'Content-Type': type || 'text/html',
+    'Cache-Control': 'no-cache',
+    'Access-Control-Allow-Origin': '*'
+  }
 
   let data = ''
 
@@ -24,6 +29,7 @@ export default async function (req, env, ctx) {
       data = await res.text()
     } else if (!res.ok || res.status === 404) {
       data = '<h1>Not Found</h1>'
+      headers['Runtime-Preload-Injection'] = 'disabled'
     }
   } catch (err) {
     data = err.message
@@ -98,11 +104,5 @@ export default async function (req, env, ctx) {
   const types = await lookup(path.extname(url.pathname).slice(1))
   const type = types[0]?.mime ?? ''
 
-  const headers = {
-    'Content-Type': type || 'text/html',
-    'Cache-Control': 'no-cache',
-    'Access-Control-Allow-Origin': '*'
-  }
-
   return new Response(html, { status: 200, headers })
 }

tsconfig.json

@@ -0,0 +1,32 @@
+{
+  "include": [
+    "src/*.js",
+    "src/**/*.js",
+    "src/**/**/*.js"
+  ],
+  "exclude": [
+    "node_modules",
+    "types",
+    "build"
+  ],
+  "compilerOptions": {
+    "moduleResolution": "node",
+    "target": "es2022",
+    "module": "es2022",
+    "lib": ["es2022", "dom"],
+    "types": ["@socketsupply/socket"],
+    "removeComments": false,
+    "checkJs": true,
+    "allowJs": true,
+    "noEmit": true,
+    "allowSyntheticDefaultImports": true,
+    "alwaysStrict": true,
+    "strictNullChecks": false,
+    "declaration": true,
+    "declarationMap": true,
+    "baseUrl": ".",
+    "paths": {
+      "npm:*": ["node_modules/*"]
+    }
+  }
+}