coalescing_panda 1.1.21 → 1.1.21.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/coalescing_panda/engine.rb +43 -37
  3. data/lib/coalescing_panda/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 944d92a3431e6323e9ba3b51aa7def85416dd322fbd51c26c70a1f07f5eced1a
4
- data.tar.gz: f58244ff27af50fef210b7a88b306adda5ab421e3abf72ef9adfad2fdd198ffa
3
+ metadata.gz: 32540f0bb85313eba7c4fd929b7bf55e7eaf9530877403972269f55abe92921a
4
+ data.tar.gz: 7780ee6b54a92fc11d95cc2c7c25c294a6bed3d7954c1754f6ec8180a4761e44
5
5
  SHA512:
6
- metadata.gz: f461fef8d038d1a6bb0c1bb6863231e556fe9bad0589d48b6e844dbc6e3f3eaf335f28706271a15eb54dfa5cb97c12cc34f044d243f594f82c64b4fe8244e723
7
- data.tar.gz: 4962e1e2c3335c1e5986dca5ddd7132cb7b973156e76b34a738a6a9278f083106dd451165e7b88fde95d961a491301ba9bc98a61f0d3f226a4b41392c10120fb
6
+ metadata.gz: f72e05c8581d3caf3541718516b4a20e72c6cb78af4c9b822982805e6da1dab9f7f7ce17ce5179eaa703898452d65d338685b3f8bf890f6c42ed67eca2f5725c
7
+ data.tar.gz: b8079a6c869505f33092f442fc33c3865d515e8d781252fbc35a7fa033d9351a2650a3a558db56debaf18b6c6d1fa930c9713054e6ae168887a754ae6f6cbc1b
data/lib/coalescing_panda/engine.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'secure_headers'
2
4
 
3
5
  module CoalescingPanda
@@ -7,74 +9,78 @@ module CoalescingPanda
7
9
 
8
10
  initializer :append_migrations do |app|
9
11
  unless app.root.to_s.match root.to_s
10
- config.paths["db/migrate"].expanded.each do |expanded_path|
11
- app.config.paths["db/migrate"] << expanded_path
12
+ config.paths['db/migrate'].expanded.each do |expanded_path|
13
+ app.config.paths['db/migrate'] << expanded_path
12
14
  end
13
15
  end
14
16
  end
15
17
 
16
- initializer 'coalescing_panda.app_controller' do |app|
18
+ initializer 'coalescing_panda.app_controller' do |_app|
17
19
  OAUTH_10_SUPPORT = true
18
20
  ActiveSupport.on_load(:action_controller) do
19
21
  include CoalescingPanda::ControllerHelpers
20
22
  end
21
23
  end
22
24
 
23
- initializer 'cloaescing_panda.route_helper' do |route|
24
- ActionDispatch::Routing::Mapper.send :include, CoalescingPanda::RouteHelpers
25
+ initializer 'cloaescing_panda.route_helper' do |_route|
26
+ ActionDispatch::Routing::Mapper.include CoalescingPanda::RouteHelpers
25
27
  end
26
28
 
27
- initializer 'coalescing_panda.route_options', :after => :disable_dependency_loading do |app|
29
+ initializer 'coalescing_panda.route_options', after: :disable_dependency_loading do |_app|
28
30
  ActiveSupport.on_load(:action_controller) do
29
- #force the routes to load
31
+ # force the routes to load
30
32
  Rails.application.reload_routes!
31
- CoalescingPanda::propagate_lti_navigation
33
+ CoalescingPanda.propagate_lti_navigation
32
34
  end
33
35
  end
34
36
 
35
- initializer :secure_headers do |app|
36
- connect_src = %w('self')
37
- script_src = %w('self')
37
+ initializer :secure_headers do |_app|
38
+ connect_src = %w[self]
39
+ script_src = %w[self]
38
40
  if Rails.env.development?
39
41
  # Allow webpack-dev-server to work
40
- connect_src << "http://localhost:3035"
41
- connect_src << "ws://localhost:3035"
42
+ connect_src << 'http://localhost:3035'
43
+ connect_src << 'ws://localhost:3035'
42
44
  # Allow stuff like rack-mini-profiler to work in development:
43
45
  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
44
46
  # DON'T ENABLE THIS FOR PRODUCTION!
45
47
  script_src << "'unsafe-eval'"
46
48
  end
47
- SecureHeaders::Configuration.default do |config|
48
- # The default cookie headers aren't compatable with PandaPal cookies currenntly
49
- config.cookies = { samesite: { none: true } }
50
- # Need to allow LTI iframes
51
- config.x_frame_options = "ALLOWALL"
52
- config.x_content_type_options = "nosniff"
53
- config.x_xss_protection = "1; mode=block"
54
- config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
55
- config.csp = {
56
- default_src: %w('self'),
57
- script_src: script_src,
58
- # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
59
- style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
60
- font_src: %w('self' data: https://fonts.gstatic.com),
61
- connect_src: connect_src,
62
- }
49
+ begin
50
+ SecureHeaders::Configuration.default do |config|
51
+ # The default cookie headers aren't compatable with PandaPal cookies currenntly
52
+ config.cookies = { samesite: { none: true } }
53
+ # Need to allow LTI iframes
54
+ config.x_frame_options = 'ALLOWALL'
55
+ config.x_content_type_options = 'nosniff'
56
+ config.x_xss_protection = '1; mode=block'
57
+ config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
58
+ config.csp = {
59
+ default_src: %w[self],
60
+ script_src: script_src,
61
+ # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
62
+ style_src: %w[self unsafe-inline blob: https://fonts.googleapis.com],
63
+ font_src: %w[self data: https://fonts.gstatic.com],
64
+ connect_src: connect_src
65
+ }
66
+ end
67
+ rescue AlreadyConfiguredError
68
+ Rails.logger.warn 'Could not set default secure headers configuration when there is one already, continuing with previously defined configuration'
63
69
  end
64
70
  SecureHeaders::Configuration.override(:safari_override) do |config|
65
71
  config.cookies = SecureHeaders::OPT_OUT
66
72
  # Need to allow LTI iframes
67
- config.x_frame_options = "ALLOWALL"
68
- config.x_content_type_options = "nosniff"
69
- config.x_xss_protection = "1; mode=block"
70
- config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
73
+ config.x_frame_options = 'ALLOWALL'
74
+ config.x_content_type_options = 'nosniff'
75
+ config.x_xss_protection = '1; mode=block'
76
+ config.referrer_policy = %w[origin-when-cross-origin strict-origin-when-cross-origin]
71
77
  config.csp = {
72
- default_src: %w('self'),
78
+ default_src: %w[self],
73
79
  script_src: script_src,
74
80
  # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
75
- style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
76
- font_src: %w('self' data: https://fonts.gstatic.com),
77
- connect_src: connect_src,
81
+ style_src: %w[self unsafe-inline blob: https://fonts.googleapis.com],
82
+ font_src: %w[self data: https://fonts.gstatic.com],
83
+ connect_src: connect_src
78
84
  }
79
85
  end
80
86
  end
data/lib/coalescing_panda/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CoalescingPanda
2
- VERSION = '1.1.21'
2
+ VERSION = '1.1.21.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: coalescing_panda
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.21
4
+ version: 1.1.21.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Mills
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-28 00:00:00.000000000 Z
11
+ date: 2020-05-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails