Revert "DEV: Disable ACE editor worker blobs"

Revert “DEV: Disable ACE editor worker blobs”

This reverts commit d5463d2a4d7999c5157e1f2db0b10f67120e660c.

With S3 assets, CORS prevents loading worker assets directly.

diff --git a/app/assets/javascripts/admin/components/ace-editor.js b/app/assets/javascripts/admin/components/ace-editor.js
index 480a896..123193c 100644
--- a/app/assets/javascripts/admin/components/ace-editor.js
+++ b/app/assets/javascripts/admin/components/ace-editor.js
@@ -74,8 +74,6 @@ export default Component.extend({
 
     loadScript("/javascripts/ace/ace.js").then(() => {
       window.ace.require(["ace/ace"], loadedAce => {
-        loadedAce.config.set("loadWorkerFromBlob", false);
-
         if (!this.element || this.isDestroying || this.isDestroyed) {
           return;
         }
diff --git a/lib/content_security_policy/default.rb b/lib/content_security_policy/default.rb
index 95d98fc..43f076e 100644
--- a/lib/content_security_policy/default.rb
+++ b/lib/content_security_policy/default.rb
@@ -63,6 +63,8 @@ class ContentSecurityPolicy
 
     def worker_src
       [
+        "'self'",
+        "blob:",
         *script_assets(worker: true)
       ]
     end
diff --git a/spec/lib/content_security_policy_spec.rb b/spec/lib/content_security_policy_spec.rb
index 764bc03..d7b60eb 100644
--- a/spec/lib/content_security_policy_spec.rb
+++ b/spec/lib/content_security_policy_spec.rb
@@ -33,9 +33,11 @@ describe ContentSecurityPolicy do
   end
 
   describe 'worker-src' do
-    it 'always has script srcs' do
+    it 'has expected values' do
       worker_srcs = parse(policy)['worker-src']
       expect(worker_srcs).to eq(%w[
+        'self'
+        blob:
         http://test.localhost/assets/
         http://test.localhost/brotli_asset/
         http://test.localhost/javascripts/

GitHub sha: 3cf93e9a