RubyGems - bullet - Versions diffs - 6.1.3 → 6.1.4 - Diffend - OSS supply chain security and management platform

bullet 6.1.3 → 6.1.4

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +2 -1
data/lib/bullet.rb +2 -2
data/lib/bullet/rack.rb +2 -2
data/lib/bullet/stack_trace_filter.rb +3 -6
data/lib/bullet/version.rb +1 -1
data/spec/bullet/rack_spec.rb +63 -7
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b574ae38dafed75dc9aded2d6c97ab057593fcda5a49ec4875bc327f99625efd
-  data.tar.gz: df882c895e98b91a26371b670ffd439a2a39e80df57ce1b61a87de6e89c10c1a
+  metadata.gz: 74ea4e863bfe254dde17af73253ffe7041cd2b2dabee2dad05d1eccb6904f229
+  data.tar.gz: 284dcd1a516922384bdaf1b3dd9e6a5e6776c213c3ecbc9ca41b223c5b92d36b
 SHA512:
-  metadata.gz: 475691616eca228e0938effbc8a9a8930d8ab33f673d4cb2a75ff02b2933ba01ee2a570fff1d9d669700fb05cf09dff9149555f1f2b35c4a31c8904620db70e3
-  data.tar.gz: 86f37317790084aa7ca3860c1757a41354678a1a0bfbf56fe6f21ebe6793eef5ff257fe75bbad77b999484a9e1abb527d9e9ac877dda04cf9f1236e110e6d561
+  metadata.gz: 26c43bfdac9582f059d067d4f56d4d85ed28416654ff5fd4686bf9977cbfbc8d92f887079954662e904fbe3d1b861d02482ac2fefac30a859fbdad8c3833e225
+  data.tar.gz: 48decfa9d28b9936f5c1f39c669b6e8061fae649f9036c29d4b28138083a43db8739f3b73bb9c390e9f6baea62aa1f66f79e8ced69cf13e789b8f116c101f25f

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 ## Next Release
+## 6.1.4 (02/26/2021)
+* Added an option to stop adding HTTP headers to API requests
 ## 6.1.3 (01/21/2021)
 * Consider ThroughAssociation at SingularAssociation like CollectionAssociation

data/README.md CHANGED Viewed

@@ -93,7 +93,8 @@ The code above will enable all of the Bullet notification systems:
 * `Bullet.rollbar`: add notifications to rollbar
 * `Bullet.sentry`: add notifications to sentry
 * `Bullet.add_footer`: adds the details in the bottom left corner of the page. Double click the footer or use close button to hide footer.
-* `Bullet.skip_html_injection`: prevents Bullet from injecting XHR into the returned HTML. This must be false for receiving alerts or console logging.
+* `Bullet.skip_html_injection`: prevents Bullet from injecting code into the returned HTML. This must be false for receiving alerts, showing the footer or console logging.
+* `Bullet.skip_http_headers`: don't add headers to API requests, and remove the javascript that relies on them. Note that this prevents bullet from logging warnings to the browser console or updating the footer.
 * `Bullet.stacktrace_includes`: include paths with any of these substrings in the stack trace, even if they are not in your main app
 * `Bullet.stacktrace_excludes`: ignore paths with any of these substrings in the stack trace, even if they are not in your main app.
    Each item can be a string (match substring), a regex, or an array where the first item is a path to match, and the second

data/lib/bullet.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module Bullet
                 :stacktrace_excludes,
                 :skip_html_injection
     attr_reader :whitelist
-    attr_accessor :add_footer, :orm_patches_applied
+    attr_accessor :add_footer, :orm_patches_applied, :skip_http_headers
     available_notifiers = UniformNotifier::AVAILABLE_NOTIFIERS.select { |notifier| notifier != :raise }.map { |notifier| "#{notifier}=" }
     available_notifiers_options = { to: UniformNotifier }
@@ -73,7 +73,7 @@ module Bullet
     end
     def app_root
-      (defined?(::Rails.root) ? Rails.root.to_s : Dir.pwd).to_s
+      @app_root ||= (defined?(::Rails.root) ? Rails.root.to_s : Dir.pwd).to_s
     end
     def n_plus_one_query_enable?

data/lib/bullet/rack.rb CHANGED Viewed

@@ -22,9 +22,9 @@ module Bullet
             response_body = response_body(response)
             response_body = append_to_html_body(response_body, footer_note) if Bullet.add_footer
             response_body = append_to_html_body(response_body, Bullet.gather_inline_notifications)
-            response_body = append_to_html_body(response_body, xhr_script) if Bullet.add_footer
+            response_body = append_to_html_body(response_body, xhr_script) if Bullet.add_footer && !Bullet.skip_http_headers
             headers['Content-Length'] = response_body.bytesize.to_s
-          else
+          elsif !Bullet.skip_http_headers
             set_header(headers, 'X-bullet-footer-text', Bullet.footer_info.uniq) if Bullet.add_footer
             set_header(headers, 'X-bullet-console-text', Bullet.text_notifications) if Bullet.console_enabled?
           end

data/lib/bullet/stack_trace_filter.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 module Bullet
   module StackTraceFilter
     VENDOR_PATH = '/vendor'
+    IS_RUBY_19 = Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0')
     def caller_in_project
       vendor_root = Bullet.app_root + VENDOR_PATH
@@ -47,19 +48,15 @@ module Bullet
     end
     def location_as_path(location)
-      ruby_19? ? location : location.absolute_path.to_s
+      IS_RUBY_19 ? location : location.absolute_path.to_s
     end
     def select_caller_locations
-      if ruby_19?
+      if IS_RUBY_19
         caller.select { |caller_path| yield caller_path }
       else
         caller_locations.select { |location| yield location }
       end
     end
-    def ruby_19?
-      @ruby_19 ||= Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0')
-    end
   end
 end

data/lib/bullet/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Bullet
-  VERSION = '6.1.3'
+  VERSION = '6.1.4'
 end

data/spec/bullet/rack_spec.rb CHANGED Viewed

@@ -90,7 +90,7 @@ module Bullet
           before do
             expect(Bullet).to receive(:notification?).and_return(true)
             allow(Bullet).to receive(:gather_inline_notifications).and_return('<bullet></bullet>')
-            allow(middleware).to receive(:xhr_script).and_return('')
+            allow(middleware).to receive(:xhr_script).and_return('<script></script>')
             allow(middleware).to receive(:footer_note).and_return('footer')
             expect(Bullet).to receive(:perform_out_of_channel_notifications)
           end
@@ -99,9 +99,8 @@ module Bullet
             expect(Bullet).to receive(:add_footer).exactly(3).times.and_return(true)
             _, headers, response = middleware.call('Content-Type' => 'text/html')
-            expect(headers['Content-Length']).to eq((56 + middleware.send(:footer_note).length).to_s)
-            expect(response.first).to start_with('<html><head></head><body>')
-            expect(response.first).to include('<bullet></bullet><')
+            expect(headers['Content-Length']).to eq((73 + middleware.send(:footer_note).length).to_s)
+            expect(response).to eq(%w[<html><head></head><body>footer<bullet></bullet><script></script></body></html>])
           end
           it 'should change response body for html safe string if add_footer is true' do
@@ -111,9 +110,16 @@ module Bullet
             end
             _, headers, response = middleware.call('Content-Type' => 'text/html')
-            expect(headers['Content-Length']).to eq((56 + middleware.send(:footer_note).length).to_s)
-            expect(response.first).to start_with('<html><head></head><body>')
-            expect(response.first).to include('<bullet></bullet><')
+            expect(headers['Content-Length']).to eq((73 + middleware.send(:footer_note).length).to_s)
+            expect(response).to eq(%w[<html><head></head><body>footer<bullet></bullet><script></script></body></html>])
+          end
+          it 'should add the footer-text header for non-html requests when add_footer is true' do
+            allow(Bullet).to receive(:add_footer).at_least(:once).and_return(true)
+            allow(Bullet).to receive(:footer_info).and_return(['footer text'])
+            app.headers = {'Content-Type' => 'application/json'}
+            _, headers, _response = middleware.call({})
+            expect(headers).to include('X-bullet-footer-text' => '["footer text"]')
           end
           it 'should change response body if console_enabled is true' do
@@ -133,12 +139,62 @@ module Bullet
             expect(response).to eq(%w[<html><head></head><body><bullet></bullet></body></html>])
           end
+          it 'should add headers for non-html requests when console_enabled is true' do
+            allow(Bullet).to receive(:console_enabled?).at_least(:once).and_return(true)
+            allow(Bullet).to receive(:text_notifications).and_return(['text notifications'])
+            app.headers = {'Content-Type' => 'application/json'}
+            _, headers, _response = middleware.call({})
+            expect(headers).to include('X-bullet-console-text' => '["text notifications"]')
+          end
           it "shouldn't change response body unnecessarily" do
             expected_response = Support::ResponseDouble.new 'Actual body'
             app.response = expected_response
             _, _, response = middleware.call({})
             expect(response).to eq(expected_response)
           end
+          it "shouldn't add headers unnecessarily" do
+            app.headers = {'Content-Type' => 'application/json'}
+            _, headers, _response = middleware.call({})
+            expect(headers).not_to include('X-bullet-footer-text')
+            expect(headers).not_to include('X-bullet-console-text')
+          end
+          context "when skip_http_headers is enabled" do
+            before do
+              allow(Bullet).to receive(:skip_http_headers).and_return(true)
+            end
+            it 'should include the footer but not the xhr script tag if add_footer is true' do
+              expect(Bullet).to receive(:add_footer).at_least(:once).and_return(true)
+              _, headers, response = middleware.call({})
+              expect(headers['Content-Length']).to eq((56 + middleware.send(:footer_note).length).to_s)
+              expect(response).to eq(%w[<html><head></head><body>footer<bullet></bullet></body></html>])
+            end
+            it 'should not include the xhr script tag if console_enabled is true' do
+              expect(Bullet).to receive(:console_enabled?).and_return(true)
+              _, headers, response = middleware.call({})
+              expect(headers['Content-Length']).to eq('56')
+              expect(response).to eq(%w[<html><head></head><body><bullet></bullet></body></html>])
+            end
+            it 'should not add the footer-text header for non-html requests when add_footer is true' do
+              allow(Bullet).to receive(:add_footer).at_least(:once).and_return(true)
+              app.headers = {'Content-Type' => 'application/json'}
+              _, headers, _response = middleware.call({})
+              expect(headers).not_to include('X-bullet-footer-text')
+            end
+            it 'should not add headers for non-html requests when console_enabled is true' do
+              allow(Bullet).to receive(:console_enabled?).at_least(:once).and_return(true)
+              app.headers = {'Content-Type' => 'application/json'}
+              _, headers, _response = middleware.call({})
+              expect(headers).not_to include('X-bullet-console-text')
+            end
+          end
         end
         context 'when skip_html_injection is enabled' do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bullet
 version: !ruby/object:Gem::Version
-  version: 6.1.3
+  version: 6.1.4
 platform: ruby
 authors:
 - Richard Huang
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-20 00:00:00.000000000 Z
+date: 2021-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport