govuk_app_config 1.16.3 → 1.17.0

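--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d69c3ac1670b7d39ad3b9d08128bc78caa3ba14ad0df21f26341561e17c2d752
- data.tar.gz: b479c4deebb953d387279fd9a2a2535fc0338bab3d0c99625c281933f9e27f4c
+ metadata.gz: fe5e846bb45a6b28512d6dc2dd01794106ebe653d739855b564491290b8a6e31
+ data.tar.gz: '05335490c4278b67b1ab0404712b91cd9fc4be44f08887cad5453313e0cfb502'
  SHA512:
- metadata.gz: 837012296a8f38a30b31fe3a176639fee74ca1577150530efad4dfc13dd919b34dc4533f84b385c4600a053f200760bbf2d437f1b6a7a9c880cbd47ffa2f6bef
- data.tar.gz: 6c5b19c54be06d5af13caf148dea3fd32cb96544c9ee6222b11f4d0c7f50c78353fe4e16e9f1b3fb756ac30f6e13793cd5cfd9a128810c1de429e17bafa40047
+ metadata.gz: aba550d1c915e3f2ede8424ac30f1c5ea35de88c4c68a744075a6cc19c65ffdda3ffdd7ae7bcebc178f9fb5bedba291ec4d585f09a0cff764baf2efe0587bf52
+ data.tar.gz: 54cbb007d3e933986a5d0af504d0c57042267d22375e7784c043a3022b10a7935bb7b550be181ded92a0769680861344077656bef6886857aa50e13293341fa6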
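--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ # 1.17.0
+
+ * Tweak our CSP to work with 'dev.gov.uk'
+
  # 1.16.3
 
  * Revert PR #89 - it relies on an unreleased feature of aws-xray-sdk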
@@ -11,7 +11,11 @@ module GovukContentSecurityPolicy
11
11
  # - https://csp-evaluator.withgoogle.com
12
12
  # - https://cspvalidator.org
13
13
 
14
- GOVUK_DOMAINS = "'self' *.publishing.service.gov.uk localhost".freeze
14
+ GOVUK_DOMAINS = [
15
+ "'self'",
16
+ '*.publishing.service.gov.uk',
17
+ "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}"
18
+ ].uniq.join(" ").freeze
15
19
 
16
20
  GOOGLE_ANALYTICS_DOMAINS = "www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net".freeze
17
21
 
@@ -130,9 +134,9 @@ module GovukContentSecurityPolicy
130
134
  # AWS Lambda function that filters out junk reports.
131
135
  if Rails.env.production?
132
136
  reporting = "report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production"
133
- Rails.application.config.action_dispatch.default_headers['Content-Security-Policy-Report-Only'] = GovukContentSecurityPolicy.build + " " + reporting
137
+ Rails.application.config.action_dispatch.default_headers['Content-Security-Policy-Report-Only'] = self.build + " " + reporting
134
138
  else
135
- Rails.application.config.action_dispatch.default_headers['Content-Security-Policy'] = GovukContentSecurityPolicy.build
139
+ Rails.application.config.action_dispatch.default_headers['Content-Security-Policy'] = self.build
136
140
  end
137
141
  end
138
142
  end
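Review bot: The third entry of the new `GOVUK_DOMAINS` array interpolates `GOVUK_APP_DOMAIN_EXTERNAL` / `GOVUK_APP_DOMAIN` into the policy without checking the value: an empty string is truthy in Ruby, so it bypasses the `||` fallback and produces the source `*.`, and a value containing a space or `;` would add extra sources or directives to the header. Resolving the domain first and checking its shape would cover both cases, e.g. `domain = ENV.values_at('GOVUK_APP_DOMAIN_EXTERNAL', 'GOVUK_APP_DOMAIN').find { |d| d && !d.empty? } || 'dev.gov.uk'` followed by `raise ArgumentError, "invalid CSP domain" unless domain.match?(/\A[a-z0-9.-]+\z/i)`. The `'dev.gov.uk'` fallback also applies when neither variable is set in production, so a misconfigured deployment would silently allow `*.dev.gov.uk`; limiting the fallback to non-production environments would make that failure visible. `localhost` is no longer in the list, which looks intentional but is not mentioned in the changelog entry. The module body starts and ends outside both hunks shown here.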
@@ -1,3 +1,3 @@
1
1
  module GovukAppConfig
2
- VERSION = "1.16.3"
2
+ VERSION = "1.17.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: govuk_app_config
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.16.3
4
+ version: 1.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-05-28 00:00:00.000000000 Z
11
+ date: 2019-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-xray-sdk