govuk_app_config 7.2.1 → 8.0.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 86a7c7bbd8a1996a9e919b875f782fc90a1c5fca1f5356dfa219c76868f2a2cf
|
|
4
|
+
data.tar.gz: 0e1ea3f6bbe677dc656e4b99d27d43c49e6b67368120b3cf2a0a2cd1e754928b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0e5360f08d06a6e24f922a214746fabf2a981ba048ca81b6ac11441f759d7b4044e725f9ca9672206645adbe06541aef480e51e4e4ba553fcde2c881adb75704
|
|
7
|
+
data.tar.gz: f64dfad4c602b668a01685b384956a7f8f3d593fb3876f19357ac142d97c36de10d54224958115070d10596d9f9e06c51fd812685def74267d646052e8aa5fe1
|
data/.github/workflows/ci.yml
CHANGED
|
@@ -1,4 +1,15 @@
|
|
|
1
|
-
on:
|
|
1
|
+
on:
|
|
2
|
+
push:
|
|
3
|
+
branches:
|
|
4
|
+
- main
|
|
5
|
+
pull_request:
|
|
6
|
+
workflow_dispatch:
|
|
7
|
+
inputs:
|
|
8
|
+
ref:
|
|
9
|
+
description: 'The branch, tag or SHA to checkout'
|
|
10
|
+
default: main
|
|
11
|
+
type: string
|
|
12
|
+
|
|
2
13
|
jobs:
|
|
3
14
|
# Run the test suite against multiple Ruby and Rails versions
|
|
4
15
|
test_matrix:
|
|
@@ -10,6 +21,8 @@ jobs:
|
|
|
10
21
|
runs-on: ubuntu-latest
|
|
11
22
|
steps:
|
|
12
23
|
- uses: actions/checkout@v3
|
|
24
|
+
with:
|
|
25
|
+
ref: ${{ inputs.ref || github.ref }}
|
|
13
26
|
- uses: ruby/setup-ruby@v1
|
|
14
27
|
with:
|
|
15
28
|
ruby-version: ${{ matrix.ruby }}
|
|
@@ -24,7 +37,7 @@ jobs:
|
|
|
24
37
|
runs-on: ubuntu-latest
|
|
25
38
|
steps:
|
|
26
39
|
- run: echo "All matrix tests have passed 🚀"
|
|
27
|
-
|
|
40
|
+
|
|
28
41
|
publish:
|
|
29
42
|
needs: test
|
|
30
43
|
if: ${{ github.ref == 'refs/heads/main' }}
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
# 8.0.1
|
|
2
|
+
|
|
3
|
+
* Change the "source" field in Rails logs from logstasher from string representing IP host address to an empty object.
|
|
4
|
+
|
|
5
|
+
# 8.0.0
|
|
6
|
+
|
|
7
|
+
* BREAKING: Content Security Policy forbids the use of inline style attributes.
|
|
8
|
+
|
|
1
9
|
# 7.2.1
|
|
2
10
|
|
|
3
11
|
* Allow prometheus binding to fail with a warning rather than a crash ([#294](https://github.com/alphagov/govuk_app_config/pull/294))
|
|
@@ -56,17 +56,10 @@ module GovukContentSecurityPolicy
|
|
|
56
56
|
"www.youtube-nocookie.com"
|
|
57
57
|
|
|
58
58
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
|
|
59
|
-
# Note: we purposely don't include `data
|
|
59
|
+
# Note: we purposely don't include `data:`, `unsafe-inline` or `unsafe-eval` because
|
|
60
60
|
# they are security risks, if you need them for a legacy app please only apply them at
|
|
61
61
|
# an app level.
|
|
62
|
-
policy.style_src :self,
|
|
63
|
-
*GOOGLE_STATIC_DOMAINS,
|
|
64
|
-
# This allows `style=""` attributes and `<style>` elements.
|
|
65
|
-
# As of January 2023 our intentions to remove this were scuppered
|
|
66
|
-
# by Govspeak [1] using inline styles on tables. Until that
|
|
67
|
-
# is resolved we'll keep unsafe_inline
|
|
68
|
-
# [1]: https://github.com/alphagov/govspeak/blob/5642fcc4231f215d1c58ad7feb30ca42fb8cfb91/lib/govspeak/html_sanitizer.rb#L72-L73
|
|
69
|
-
:unsafe_inline
|
|
62
|
+
policy.style_src :self, *GOOGLE_STATIC_DOMAINS
|
|
70
63
|
|
|
71
64
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
|
|
72
65
|
# Note: we purposely don't include data here because it produces a security risk.
|
|
@@ -48,6 +48,10 @@ module GovukLogging
|
|
|
48
48
|
Rails.application.config.logstasher.view_enabled = false
|
|
49
49
|
Rails.application.config.logstasher.job_enabled = false
|
|
50
50
|
|
|
51
|
+
# Elasticsearch index expect source to be an object and logstash defaults
|
|
52
|
+
# source to be the host IP address causing logs to be dropped.
|
|
53
|
+
Rails.application.config.logstasher.source = {}
|
|
54
|
+
|
|
51
55
|
Rails.application.config.logstasher.logger = Logger.new(
|
|
52
56
|
$real_stdout, # rubocop:disable Style/GlobalVars
|
|
53
57
|
level: Rails.logger.level,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: govuk_app_config
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 8.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GOV.UK Dev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-06-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstasher
|