govuk_app_config 7.2.0 → 8.0.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c1dd070d1b3a41bd0eb7345fa619c18b3c611d279e6688c8e3565c3dbdc92a2e
|
|
4
|
+
data.tar.gz: 14e16cb4227f681a38e36abceb7e693d0fec5db388d5d87ec195942be0e325d9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0c16cc5b73d5ffb2d1c5ec1ed0b6479f32a781b9747864454799f08302a719840bdc816317a78c76c9cbeeb8eec90c79958c3fbd9fac7a008bab828fe4a9a852
|
|
7
|
+
data.tar.gz: 11b23903b16b594015f04d00f6bfff838ce7e89d1dd25bcc15cea50f65cc2c36dbe910acf1cc0c3cc31786f2059d5560f968a1804546082c6f4c88aba1dca213
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
# 8.0.0
|
|
2
|
+
|
|
3
|
+
* BREAKING: Content Security Policy forbids the use of inline style attributes.
|
|
4
|
+
|
|
5
|
+
# 7.2.1
|
|
6
|
+
|
|
7
|
+
* Allow prometheus binding to fail with a warning rather than a crash ([#294](https://github.com/alphagov/govuk_app_config/pull/294))
|
|
8
|
+
|
|
1
9
|
# 7.2.0
|
|
2
10
|
|
|
3
11
|
* Suppress noisy Puma::HttpParserError errors ([#292](https://github.com/alphagov/govuk_app_config/pull/292))
|
|
@@ -56,17 +56,10 @@ module GovukContentSecurityPolicy
|
|
|
56
56
|
"www.youtube-nocookie.com"
|
|
57
57
|
|
|
58
58
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
|
|
59
|
-
# Note: we purposely don't include `data
|
|
59
|
+
# Note: we purposely don't include `data:`, `unsafe-inline` or `unsafe-eval` because
|
|
60
60
|
# they are security risks, if you need them for a legacy app please only apply them at
|
|
61
61
|
# an app level.
|
|
62
|
-
policy.style_src :self,
|
|
63
|
-
*GOOGLE_STATIC_DOMAINS,
|
|
64
|
-
# This allows `style=""` attributes and `<style>` elements.
|
|
65
|
-
# As of January 2023 our intentions to remove this were scuppered
|
|
66
|
-
# by Govspeak [1] using inline styles on tables. Until that
|
|
67
|
-
# is resolved we'll keep unsafe_inline
|
|
68
|
-
# [1]: https://github.com/alphagov/govspeak/blob/5642fcc4231f215d1c58ad7feb30ca42fb8cfb91/lib/govspeak/html_sanitizer.rb#L72-L73
|
|
69
|
-
:unsafe_inline
|
|
62
|
+
policy.style_src :self, *GOOGLE_STATIC_DOMAINS
|
|
70
63
|
|
|
71
64
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
|
|
72
65
|
# Note: we purposely don't include data here because it produces a security risk.
|
|
@@ -34,15 +34,19 @@ module GovukPrometheusExporter
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
|
|
38
|
-
|
|
37
|
+
begin
|
|
38
|
+
server = PrometheusExporter::Server::WebServer.new bind: "0.0.0.0", port: 9394
|
|
39
|
+
server.start
|
|
39
40
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
41
|
+
if defined?(Rails)
|
|
42
|
+
Rails.application.middleware.unshift PrometheusExporter::Middleware
|
|
43
|
+
end
|
|
43
44
|
|
|
44
|
-
|
|
45
|
-
|
|
45
|
+
if defined?(Sinatra)
|
|
46
|
+
Sinatra.use PrometheusExporter::Middleware
|
|
47
|
+
end
|
|
48
|
+
rescue Errno::EADDRINUSE
|
|
49
|
+
warn "Warning: Could not connect to Prometheus Server"
|
|
46
50
|
end
|
|
47
51
|
end
|
|
48
52
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: govuk_app_config
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 8.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GOV.UK Dev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-06-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstasher
|