PROD removed all warning, exported variable new Vue, added Content-Security-Policy head's meta

web/themes/custom/materiotheme/assets/scripts/main.js

@@ -58,11 +58,12 @@ import 'theme/assets/styles/print.scss'
 
 import { MA } from 'vuejs/api/ma-axios'
 
+export let _v_sitebranding_block, _v_user_block, _v_header_menu,
+  _v_pagetitle_block, _v_search_block,
+  _v_main_content, _v_left_content
+
 (function (Drupal, drupalSettings, drupalDecoupled) {
   const MaterioTheme = function () {
-    let _v_sitebranding_block, _v_user_block, _v_header_menu,
-      _v_pagetitle_block, _v_search_block,
-      _v_main_content, _v_left_content
     const _is_front = drupalSettings.path.isFront
     console.log('drupalSettings', drupalSettings)
 

web/themes/custom/materiotheme/materiotheme.theme

@@ -71,6 +71,17 @@ function materiotheme_preprocess_html(&$vars) {
   $vars['page']['#attached']['html_head'][] = [$viewport, 'viewport'];
   // drupal_add_html_head($viewport, 'viewport');
 
+  // https://stackoverflow.com/a/48700852
+  // <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+  $content_security_policy = array(
+    '#tag' => 'meta',
+    '#attributes' => array(
+      'http-equiv' => 'Content-Security-Policy',
+      'content' => 'upgrade-insecure-requests',
+    ),
+  );
+  $vars['page']['#attached']['html_head'][] = [$content_security_policy, 'content_security_policy'];
+
   // $gv = [
   //   '#tag' => 'meta',
   //   '#attributes' => [

web/themes/custom/materiotheme/vuejs/api/rest-axios.js

@@ -3,9 +3,10 @@ import axios from 'axios'
 // https://github.com/alvar0hurtad0/drupal-vuejs-todo/blob/master/frontend/src/api/axiosInterceptor.js
 
 // console.log('drupalSettings', drupalSettings)
+// console.log('window.location.origin', window.location.origin)
 
 export const REST = axios.create({
-  baseURL: window.location.origin,
+  baseURL: '//' + window.location.host,
   withCredentials: true,
   headers: {
     // Authorization: 'Bearer {token}',