coalescing_panda 1.1.21 → 1.1.21.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/coalescing_panda/engine.rb +43 -37
  3. data/lib/coalescing_panda/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 944d92a3431e6323e9ba3b51aa7def85416dd322fbd51c26c70a1f07f5eced1a
4
- data.tar.gz: f58244ff27af50fef210b7a88b306adda5ab421e3abf72ef9adfad2fdd198ffa
3
+ metadata.gz: 32540f0bb85313eba7c4fd929b7bf55e7eaf9530877403972269f55abe92921a
4
+ data.tar.gz: 7780ee6b54a92fc11d95cc2c7c25c294a6bed3d7954c1754f6ec8180a4761e44
5
5
  SHA512:
6
- metadata.gz: f461fef8d038d1a6bb0c1bb6863231e556fe9bad0589d48b6e844dbc6e3f3eaf335f28706271a15eb54dfa5cb97c12cc34f044d243f594f82c64b4fe8244e723
7
- data.tar.gz: 4962e1e2c3335c1e5986dca5ddd7132cb7b973156e76b34a738a6a9278f083106dd451165e7b88fde95d961a491301ba9bc98a61f0d3f226a4b41392c10120fb
6
+ metadata.gz: f72e05c8581d3caf3541718516b4a20e72c6cb78af4c9b822982805e6da1dab9f7f7ce17ce5179eaa703898452d65d338685b3f8bf890f6c42ed67eca2f5725c
7
+ data.tar.gz: b8079a6c869505f33092f442fc33c3865d515e8d781252fbc35a7fa033d9351a2650a3a558db56debaf18b6c6d1fa930c9713054e6ae168887a754ae6f6cbc1b
data/lib/coalescing_panda/engine.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'secure_headers'
2
4
 
3
5
  module CoalescingPanda
@@ -7,74 +9,78 @@ module CoalescingPanda
7
9
 
8
10
  initializer :append_migrations do |app|
9
11
  unless app.root.to_s.match root.to_s
10
- config.paths["db/migrate"].expanded.each do |expanded_path|
11
- app.config.paths["db/migrate"] << expanded_path
12
+ config.paths['db/migrate'].expanded.each do |expanded_path|
13
+ app.config.paths['db/migrate'] << expanded_path
12
14
  end
13
15
  end
14
16
  end
15
17
 
16
- initializer 'coalescing_panda.app_controller' do |app|
18
+ initializer 'coalescing_panda.app_controller' do |_app|
17
19
  OAUTH_10_SUPPORT = true
18
20
  ActiveSupport.on_load(:action_controller) do
19
21
  include CoalescingPanda::ControllerHelpers
20
22
  end
21
23
  end
22
24
 
23
- initializer 'cloaescing_panda.route_helper' do |route|
24
- ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
25
+ initializer 'cloaescing_panda.route_helper' do |_route|
26
+ ActionDispatch::Routing::Mapper.include CoalescingPanda::RouteHelpers
25
27
  end
26
28
 
27
- initializer 'coalescing_panda.route_options', :after => :disable_dependency_loading do |app|
29
+ initializer 'coalescing_panda.route_options', after: :disable_dependency_loading do |_app|
28
30
  ActiveSupport.on_load(:action_controller) do
29
- #force the routes to load
31
+ # force the routes to load
30
32
  Rails.application.reload_routes!
31
- CoalescingPanda::propagate_lti_navigation
33
+ CoalescingPanda.propagate_lti_navigation
32
34
  end
33
35
  end
34
36
 
35
- initializer :secure_headers do |app|
36
- connect_src = %w('self')
37
- script_src = %w('self')
37
+ initializer :secure_headers do |_app|
38
+ connect_src = %w[self]
39
+ script_src = %w[self]
38
40
  if Rails.env.development?
39
41
  # Allow webpack-dev-server to work
40
- connect_src << "http://localhost:3035"
41
- connect_src << "ws://localhost:3035"
42
+ connect_src << 'http://localhost:3035'
43
+ connect_src << 'ws://localhost:3035'
42
44
  # Allow stuff like rack-mini-profiler to work in development:
43
45
  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
44
46
  # DON'T ENABLE THIS FOR PRODUCTION!
45
47
  script_src << "'unsafe-eval'"
46
48
  end
47
- SecureHeaders::Configuration.default do |config|
48
- # The default cookie headers aren't compatable with PandaPal cookies currenntly
49
- config.cookies = { samesite: { none: true } }
50
- # Need to allow LTI iframes
51
- config.x_frame_options = "ALLOWALL"
52
- config.x_content_type_options = "nosniff"
53
- config.x_xss_protection = "1; mode=block"
54
- config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
55
- config.csp = {
56
- default_src: %w('self'),
57
- script_src: script_src,
58
- # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
59
- style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
60
- font_src: %w('self' data: https://fonts.gstatic.com),
61
- connect_src: connect_src,
62
- }
49
+ begin
50
+ SecureHeaders::Configuration.default do |config|
51
+ # The default cookie headers aren't compatable with PandaPal cookies currenntly
52
+ config.cookies = { samesite: { none: true } }
53
+ # Need to allow LTI iframes
54
+ config.x_frame_options = 'ALLOWALL'
55
+ config.x_content_type_options = 'nosniff'
56
+ config.x_xss_protection = '1; mode=block'
57
+ config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
58
+ config.csp = {
59
+ default_src: %w[self],
60
+ script_src: script_src,
61
+ # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
62
+ style_src: %w[self unsafe-inline blob: https://fonts.googleapis.com],
63
+ font_src: %w[self data: https://fonts.gstatic.com],
64
+ connect_src: connect_src
65
+ }
66
+ end
67
+ rescue AlreadyConfiguredError
68
+ Rails.logger.warn 'Could not set default secure headers configuration when there is one already, continuing with previously defined configuration'
63
69
  end
64
70
  SecureHeaders::Configuration.override(:safari_override) do |config|
65
71
  config.cookies = SecureHeaders::OPT_OUT
66
72
  # Need to allow LTI iframes
67
- config.x_frame_options = "ALLOWALL"
68
- config.x_content_type_options = "nosniff"
69
- config.x_xss_protection = "1; mode=block"
70
- config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
73
+ config.x_frame_options = 'ALLOWALL'
74
+ config.x_content_type_options = 'nosniff'
75
+ config.x_xss_protection = '1; mode=block'
76
+ config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
71
77
  config.csp = {
72
- default_src: %w('self'),
78
+ default_src: %w[self],
73
79
  script_src: script_src,
74
80
  # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
75
- style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
76
- font_src: %w('self' data: https://fonts.gstatic.com),
77
- connect_src: connect_src,
81
+ style_src: %w[self unsafe-inline blob: https://fonts.googleapis.com],
82
+ font_src: %w[self data: https://fonts.gstatic.com],
83
+ connect_src: connect_src
78
84
  }
79
85
  end
80
86
  end
data/lib/coalescing_panda/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CoalescingPanda
2
- VERSION = '1.1.21'
2
+ VERSION = '1.1.21.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: coalescing_panda
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.21
4
+ version: 1.1.21.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Mills
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-28 00:00:00.000000000 Z
11
+ date: 2020-05-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails