Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest

Follow-up to !1300

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/web/plugs/http_security_plug.ex

@@ -85,7 +85,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
       else
         [
           @script_src,
-          "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
+          "'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' ",
+          "'sha256-zJdRXhLWm9NGI6BFr+sNmHBBrjAdJdFr7MpUq0EwK58=' "
         ]
       end
 

lib/web/templates/page/index.html.heex

@@ -20,7 +20,6 @@
       <link rel="preload" href="/img/shape-3.svg" as="image" />
     <% end %>
     <%= tags(assigns) || assigns.tags %>
-    <%= Vite.inlined_phx_manifest() %>
     <%= Vite.vite_client() %>
     <%= Vite.vite_snippet("src/main.ts") %>
   </head>

test/web/plugs/http_security_plug_test.exs

@@ -73,7 +73,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do
       [csp] = Conn.get_resp_header(conn, "content-security-policy")
 
       assert csp =~
-               ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' example.com matomo.example.com  ;/
+               ~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com  ;/
     end
   end