govuk_app_config 1.18.1 → 1.19.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/govuk_app_config/govuk_content_security_policy.rb +2 -3
  4. data/lib/govuk_app_config/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a50c0d77a0aae41136b1099a036a761c3e1a965ecb0184879f8f722d40786108
4
- data.tar.gz: 87d38200558b9f2b945910ee6447cb150d53e83ad06005e0fa5c439ef70eb79d
3
+ metadata.gz: 6d37e912e97b61b2e44e7426227dec0d41ba54f038d0c699bc211fdaf16a0d78
4
+ data.tar.gz: ee89d83862262cedf567af94127caee6742418442a510a801e319a97af68d8e7
5
5
  SHA512:
6
- metadata.gz: af87829f8bf53a26b7df8b612e3a113c5d14ac0b3f09609bb62751c8376b20c81b37958702f43a9829d5c20ccaaf784c2b0e09ad9a5da034e323e2db228af7b2
7
- data.tar.gz: 7786abef8b8319af18b79779e98f721c3526947d804534ef6f78c4b47b14e380997052de3f3fa10e8d4d4f661855fce1fa466894b7d8eab447ea54d12f75ad82
6
+ metadata.gz: f33fd6b8fa2860522faaf3bc0b98464060bf38f66844c81ba93e71d98cc0f10e7dd15f6dd70384ee49b8b644ca82816b7a53fd4f5310807f7582bc073d15a28d
7
+ data.tar.gz: f9a936b6ef4d608aa7de868b4eeb933c5f98301f8f7fa9d0397dcbc454bde939a1e4f0b624e5739461b042f3adac0bba1526d291f96bd806c6b9996d0c7084a5
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 1.19.0
2
+
3
+ * Use `GOVUK_CSP_REPORT_ONLY` and `GOVUK_CSP_REPORT_URI` to configure
4
+ content security policy.
5
+
1
6
  # 1.18.1
2
7
 
3
8
  * Fix incorrect report_uri= method usage in content security policy
data/lib/govuk_app_config/govuk_content_security_policy.rb CHANGED
@@ -71,12 +71,11 @@ module GovukContentSecurityPolicy
71
71
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
72
72
  policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com" # Allow youtube embeds
73
73
 
74
- # AWS Lambda function that filters out junk reports.
75
- policy.report_uri "https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production" if Rails.env.production?
74
+ policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
76
75
  end
77
76
 
78
77
  def self.configure
79
- Rails.application.config.content_security_policy_report_only = true if Rails.env.production?
78
+ Rails.application.config.content_security_policy_report_only = ENV.include?("GOVUK_CSP_REPORT_ONLY")
80
79
 
81
80
  Rails.application.config.content_security_policy(&method(:build_policy))
82
81
  end
data/lib/govuk_app_config/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module GovukAppConfig
2
- VERSION = "1.18.1"
2
+ VERSION = "1.19.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: govuk_app_config
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.18.1
4
+ version: 1.19.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-06-03 00:00:00.000000000 Z
11
+ date: 2019-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-xray-sdk